gorpong@uunet.uu.net (Gordon C. Galligher) (07/04/90)
I am currently trying to do the following: Set up a separate root directory for guest users on the machine. I want to have a perl script to do a chroot() to the special place for the user and then let them in. That way they can use the machine as a mail hub, or whatever, but not be able to see any data on the system and such (ie: the bbs user will belong to this). To do that I initially hardcoded everything in the perl script, and it was fine. Instead of that, I decided to have a separate password/group file just for that and have the perl script query those files to get the information.

That doesn't work because the very end when I want to chdir to their home directory (found in the other password file) perl reports:

    Insecure dependency in chdir at line ....

I KNOW what I'm doing, and chdir'ing to their home directory is not a problem. I do open up the password/group files as root, because the files are readable ONLY by root (hence, they are secure). Perl won't let me do something this simple! I agree that it is nice to know when you are doing something rather insecure, but there should also be a way to turn it off for those of us that really do know what we are doing. I don't know of any other way to do this. Once I read the file the values are tainted. I therefore cannot use those values in anything else, or they become tainted. So, I can look at the values in the file and then throw them away; that's stupid.

Larry, ANYBODY please help me! I'm not going to post the entire script because it is over 400 lines long. I'll take any ideas, no matter HOW off the wall.

-- Gordon.

--
Gordon C. Galligher <|> ..!uunet!telxon!gorpong <|> telxon!gorpong@uunet.uu.net
Telxon Corporation, Akron, Ohio, 44313, (216) 867-3700 (3512)
"It seems to me, Golan, that the advance of civilization is nothing but an exercise in the limiting of privacy." - Janov Pelorat -- _Foundation's Edge_

lwall@jpl-devvax.JPL.NASA.GOV (Larry Wall) (07/04/90)
In article <1990Jul3.203638.3747@uvaarpa.Virginia.EDU> telxon!teleng!gorpong@uunet.uu.net writes:
: I am currently trying to do the following: Set up a separate root directory
: for guest users on the machine. I want to have a perl script to do a chroot()
: to the special place for the user and then let them in. That way they can
: use the machine as a mail hub, or whatever, but not be able to see any data
: on the system and such (ie: the bbs user will belong to this). To do that
: I initially hardcoded everything in the perl script, and it was fine. Instead
: of that, I decided to have a separate password/group file just for that and
: have the perl script query those files to get the information.
:
: That doesn't work because the very end when I want to chdir to their home
: directory (found in the other password file) perl reports:
:
: Insecure dependency in chdir at line ....
:
: I KNOW what I'm doing, and chdir'ing to their home directory is not a
: problem. I do open up the password/group files as root, because the files
: are readable ONLY by root (hence, they are secure). Perl won't let me do
: something this simple! I agree that it is nice to know when you are doing
: something rather insecure, but there should also be a way to turn it off for
: those of us that really do know what we are doing. I don't know of any other
: way to do this. Once I read the file the values are tainted. I therefore
: cannot use those values in anything else, or they become tainted. So, I can
: look at the values in the file and then throw them away; that's stupid.
:
: Larry, ANYBODY please help me! I'm not going to post the entire script because
: it is over 400 lines long. I'll take any ideas, no matter HOW off the wall.

Here's an off-the-wall idea, straight from the manual:

    ... You can also bypass the tainting mechanism by referencing
    subpatterns--perl presumes that if you reference a substring
    using $1, $2, etc, you knew what you were doing when you wrote
    the pattern:

        $ARGV[0] =~ /^-P(\w+)$/;
        $printer = $1;      # Not tainted

    This is fairly secure since \w+ doesn't match shell
    metacharacters. Use of .+ would have been insecure, but perl
    doesn't check for that, so you must be careful with your
    patterns. This is the ONLY mechanism for untainting user
    supplied filenames...

Perl doesn't try to figure out whether the file you're reading from
is suspect or not--it just presumes that all external input is
suspect. The tainting mechanism errs on the side of caution.
Note also that in your particular case, you could be reading the
passwd and group files with getpwent and getgrent, which wouldn't
taint their data. Then your code would be portable to a YP (mmmmph!),
er, NIS machine.
There's core scan one way to thin a mat. --ancient BASIC proverb
Larry
gorpong@uunet.uu.net (Gordon C. Galligher) (07/05/90)
<> [...basically bitching about taintedness of variables, and how I really do know what I'm doing :-]
<> That doesn't work because the very end when I want to chdir to their home
<> directory (found in the other password file) perl reports:
<>
<> Insecure dependency in chdir at line ....
<>

Fixed the problem. I was doing the following:

    if ( open(PWD, "$LOCALPASS") ) {
        while (! eof(PWD) ) {
            $line = <PWD>;
            chop $line;
            @pwd = split(/:/, $line);
            .....

Since $line was tainted, the split() didn't untaint it. I changed it to:

    if ( open(PWD, "$LOCALPASS") ) {
        while (! eof(PWD) ) {
            $line = <PWD>;
            chop $line;
            $line =~ /^(.+):(.*):(.+):(.+):(.*):(.+):(.*)$/;
            ($user, $pass, ... ) = ($1, $2, ...);

This caused $user, $pass, etc., to be untainted. Very weird, but it was documented in the manual page (in the dregs of the manual page :-) It took quite a few readings of it before I understood that this was my way out. Oh well. Thanks anyway!

-- Gordon.
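
Added example, not code from anyone in this thread: the same capture-based untainting applied to a seven-field passwd-format line, but with an allow-list pattern per field rather than `.+`, which the manual excerpt quoted above describes as insecure. The field rules, the sample lines and the name `parse_passwd_line` are assumptions made for illustration.

```perl
#!/usr/bin/perl -T
# Added example (not from the thread). Run as: perl -T untaint_passwd.pl
use strict;
use warnings;
use Scalar::Util qw(tainted);

# Return untainted (user, uid, gid, home) from one passwd-format line,
# or an empty list if any field fails its allow-list pattern.
sub parse_passwd_line {
    my ($line) = @_;
    chomp $line;
    my @f = split /:/, $line, -1;    # split() results stay tainted
    return unless @f == 7;

    # Untaint only the fields that will be used, each with a pattern that
    # matches nothing but the characters that field may legitimately hold.
    # \A and \z anchor the whole string; "$" would allow a trailing newline.
    my ($user) = $f[0] =~ /\A([A-Za-z_][A-Za-z0-9_.-]{0,31})\z/ or return;
    my ($uid)  = $f[2] =~ /\A([0-9]{1,10})\z/                   or return;
    my ($gid)  = $f[3] =~ /\A([0-9]{1,10})\z/                   or return;
    my ($home) = $f[5] =~ m{\A(/[A-Za-z0-9_./-]+)\z}            or return;

    # The character class permits "." and "/", so reject ".." components.
    return if $home =~ m{(?:\A|/)\.\.(?:/|\z)};
    return ($user, $uid, $gid, $home);
}

# Constructed sample lines (assumed layout: user:pass:uid:gid:gecos:home:shell).
while (my $line = <DATA>) {
    my $was = tainted($line) ? "tainted" : "not tainted";
    if (my ($user, $uid, $gid, $home) = parse_passwd_line($line)) {
        my $now = tainted($home) ? "tainted" : "untainted";
        print "accept $user uid=$uid gid=$gid home=$home (line $was, home $now)\n";
    } else {
        chomp $line;
        print "reject: $line\n";
    }
}

__DATA__
bbs:x:2001:200:BBS guest:/home/bbs:/bin/sh
mail:x:2002:200:Mail hub:/home/../etc:/bin/sh
tmp:x:2003:200:Bad entry:/home/tmp;id:/bin/sh
short:x:2004
```

The password and comment fields are never captured, so they stay tainted and cannot reach chdir, open or exec by accident.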