Re: Potentially insecure Perl scripts

To: Vincent Lefevre <vincent@vinc17.net>
Cc: perl@packages.debian.org, security@debian.org, Guillem Jover <guillem@debian.org>, debian-devel@lists.debian.org
Subject: Re: Potentially insecure Perl scripts
From: Ian Jackson <ijackson@chiark.greenend.org.uk>
Date: Fri, 25 Jan 2019 13:55:47 +0000
Message-id: <[🔎] 23627.5475.75592.714791@chiark.greenend.org.uk>
In-reply-to: <[🔎] 20190124234120.GA26896@zira.vinc17.org>
References: <[🔎] 20190123130554.GA23813@cventin.lip.ens-lyon.fr> <[🔎] 20190124135558.GA6524@thunder.hadrons.org> <[🔎] 23625.54560.431642.679629@chiark.greenend.org.uk> <[🔎] 23625.55120.700245.2863@chiark.greenend.org.uk> <[🔎] 20190124234120.GA26896@zira.vinc17.org>

Vincent Lefevre writes ("Re: Potentially insecure Perl scripts"):
> I fear that this is not that simple: I suppose that this will break
> scripts that modify @ARGV to make <> secure. :(

The easiest way to sanitise a string to make it safe for 2-argument
open involves:
 * prepending ./ if the string does not start with /
 * appending \0 (a nul byte)
The result is also a valid operand for 3-argument open.

Now some people may have prepended < needlessly but (i) if you thought
about this problem this hard you would probably try to make your thing
compatible with a hypothetical fixed <> (ii) we're probably in a small
minority of a tiny minority here (iii) changing the workaround so it
works for both is easy.

So I think this was a reasonable question to ask, but the answer is
that this is very unlikely to be a significant problem.

Ian.

-- 
Ian Jackson <ijackson@chiark.greenend.org.uk>   These opinions are my own.

If I emailed you from an address @fyvzl.net or @evade.org.uk, that is
a private address which bypasses my fierce spamfilter.

Reply to:

Follow-Ups:
- Re: Potentially insecure Perl scripts
  - From: Vincent Lefevre <vincent@vinc17.net>

References:
- Potentially insecure Perl scripts
  - From: Vincent Lefevre <vincent@vinc17.net>
- Re: Potentially insecure Perl scripts
  - From: Guillem Jover <guillem@debian.org>
- Re: Potentially insecure Perl scripts
  - From: Ian Jackson <ijackson@chiark.greenend.org.uk>
- Re: Potentially insecure Perl scripts
  - From: Ian Jackson <ijackson@chiark.greenend.org.uk>
- Re: Potentially insecure Perl scripts
  - From: Vincent Lefevre <vincent@vinc17.net>

Prev by Date: Bug#920437: ITP: displaylink -- Proprietary driver for DisplayLink devices
Next by Date: Bug#920443: ITP: salmid -- rapid Kmer based Salmonella identifier from sequence data
Previous by thread: Re: Potentially insecure Perl scripts
Next by thread: Re: Potentially insecure Perl scripts
Index(es):
- Date
- Thread