为什么管道打开在 Perl 的污点模式下不起作用？

发布于 2024-07-23 05:31:14 字数 581 浏览 7 评论 0原文

我的原始脚本如下：

my $cmd = "dir";
open (H, "$cmd |");
my @result = <H>;
close (H);
print STDERR @result,"\n";

该脚本运行良好。如果我将以下行添加到脚本中，它将无法工作：

$ENV{"LD_LIBRARY_PATH"} = "/opt/VRTSsfmh/lib";
$ENV{PATH}="/usr/bin:/bin:/sbin:/usr/sbin";
delete @ENV{'IFS', 'CDPATH', 'ENV', 'BASH_ENV'};

调用管道打开时 Perl 使用什么？

添加以下代码解决了该问题：

if ($^O =~ /Win32/i) 
{
    $ENV{'SystemRoot'} =~ /([A-Z]:(\\[A-Za-z0-9_]+)+)/;
    my $system32_dir = $1."\\system32";
    $ENV{'PATH'} = $system32_dir;
}

原文

My original script is as follows:

my $cmd = "dir";
open (H, "$cmd |");
my @result = <H>;
close (H);
print STDERR @result,"\n";

This scripts works fine. If I add following line to the script, it fails to work:

$ENV{"LD_LIBRARY_PATH"} = "/opt/VRTSsfmh/lib";
$ENV{PATH}="/usr/bin:/bin:/sbin:/usr/sbin";
delete @ENV{'IFS', 'CDPATH', 'ENV', 'BASH_ENV'};

What does Perl use when pipe open is called?

Addition of following code fixed the issue:

if ($^O =~ /Win32/i) 
{
    $ENV{'SystemRoot'} =~ /([A-Z]:(\\[A-Za-z0-9_]+)+)/;
    my $system32_dir = $1."\\system32";
    $ENV{'PATH'} = $system32_dir;
}

分享到QQ

分享到微博

如果你对这篇内容有疑问，欢迎到本站社区发帖提问参与讨论，获取更多帮助，或者扫码二维码加入 Web 技术交流群。

发布评论

需要登录才能够评论，你可以免费注册一个本站的账号。

一抹淡然 2024-07-30 05:31:14

您的问题与污点模式无关。您设置的

$ENV{PATH}="/usr/bin:/bin:/sbin:/usr/sbin";

这些目录通常不存在于 Windows 计算机上。 dir 是 cmd.exe 内部命令，因此为了能够执行该命令，您需要将其所在的目录添加到路径中。

现在，请注意，您执行此操作的方式与将路径设置为已知的确定位置的整个要点相矛盾。恶意用户绝对有可能更改此环境变量以指向其危险版本的 dir。

事实上，如果您依赖任何 shell 内置命令，Windows 不一定安装在 C:\Windows 中，这会使在 Windows 上编写污染安全脚本变得复杂。

编辑：这是一个简短的测试程序，您可以将其用作基准：

#!/usr/bin/perl -T

use strict;
use warnings;

$ENV{PATH} = join(';', qw(C:\Windows C:\Windows\System32) );
delete @ENV{'IFS', 'CDPATH', 'ENV', 'BASH_ENV'};

open my $pipe_h, '-|', 'dir'
    or die "Cannot open pipe to dir: $!";

print while <$pipe_h>;

close $pipe_h
    or die "Cannot close pipe to dir: $!";

__END__

C:\Temp> perl -T v.pl

...

2009/05/25  08:58 AM             3,584 zzz.exe
              64 File(s)     32,125,365 bytes
              14 Dir(s)  39,251,894,272 bytes free

基本上，您需要的是系统管理员在安装时对可接受的路径进行硬编码，并且不受信任的用户没有写入权限剧本。

Your question is not really related to taint mode. You set

$ENV{PATH}="/usr/bin:/bin:/sbin:/usr/sbin";

These directories do not normally exist on a Windows machine. dir is a cmd.exe internal command so to be able to execute that, you need to add the directory where it resides to the path.

Now, note that the way you go about doing it contradicts the whole point of setting the path to known definite locations. It is definitely possible for a nefarious user to change this environment variable to point to his dangerous version of dir.

The fact that Windows is not necessarily installed in C:\Windows complicates writing a taint-safe script on Windows if you rely on any of the shell builtins.

EDIT: Here is a short test program you can use as a baseline:

#!/usr/bin/perl -T

use strict;
use warnings;

$ENV{PATH} = join(';', qw(C:\Windows C:\Windows\System32) );
delete @ENV{'IFS', 'CDPATH', 'ENV', 'BASH_ENV'};

open my $pipe_h, '-|', 'dir'
    or die "Cannot open pipe to dir: $!";

print while <$pipe_h>;

close $pipe_h
    or die "Cannot close pipe to dir: $!";

__END__

C:\Temp> perl -T v.pl

...

2009/05/25  08:58 AM             3,584 zzz.exe
              64 File(s)     32,125,365 bytes
              14 Dir(s)  39,251,894,272 bytes free

Basically, what you need is for the system administrator to hardcode the acceptable path at installation time and for untrusted users not to have write permissions on the script.

回复收藏 0 原文