[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Problem with PostgreSQL

On Thu, 2006-03-16 at 13:13 -0800, Casey T. Deccio wrote:
> However, AFAICT, the code in pg_maintenance looks like it is secure
> enough for -T.  In fact, it doesn't fail when I run it.  Can you
> run /usr/sbin/pg_maintenance from the shell without error?
> 

I spoke too soon.  My apt-get upgrade for postgresql-common had not
completed when I responded :)  Mine has the same problem.  Apparently
@options is tainted (line 44) by the use of $v and $c and then used in
exec (line 49).  According to the postgresql-common changelog (Sun, 12
Mar 2006):

* Enable taint checking in all programs and fix the resulting breakage.

But, I'm still not sure why line 49 is a problem.  According to
http://www.perl.com/doc/manual/html/pod/perlsec.html :

(Important exception: If you pass a list of arguments to either system
or exec, the elements of that list are NOT checked for taintedness.)

Also, from man perlfunc :

If there is more than one argument in LIST, or if LIST is an array with
more than one value, calls execvp(3) with the arguments in LIST.

?
Casey
Reply to: