How to sanitize env variables like EDITOR?
I've got the following code, but I'm thinking that I need to sanitize the env variables, but I'm not sure how exactly I should sanitize them. I realize there's probably a limit to how much I can sanitize them, but what can I do?
#!/usr/bin/perl
use 5.012;
use warnings;
use autodie;
use Env qw( EDITOR VISUAL );
use File::Temp qw( :seekable );
my $editor = '/usr/bin/nano';
if ( $VISUAL ) {
    $editor = $VISUAL;
}
elsif ( $EDITOR ) {
    $editor = $EDITOR;
} else {
    warn 'set VISUAL and EDITOR env variables not set falling back to nano'
        . "\n";
}
my $tmpf = File::Temp->new;
system $editor, $tmpf->filename;
open $tmpf, '<', $tmpf->filename;
print while ( <$tmpf> );
Comments (4)
I have only ever done something like this in CGI scripts, so perhaps this is not at all what you're looking for; I'm just hoping it'll help a bit. Here's a modified version of the selection of allowed characters I used, and a code suggestion:
Obviously, you cannot change the environment variables if you notice characters in them which you think shouldn't be there (i.e. characters which are not in the $allowed string), but you could check for the presence of such characters and fall back on your default editor in such a case. This is just my humble suggestion; perhaps an expert on the topic will reply in a while, and you'll get her/his wisdom served on a silver platter :)

Why do you need to sanitize them at all? What damage is going to occur if the user of your script has VISUAL="rm -f" and EDITOR to something else bizarre? You'd be checking that the editor operation succeeded, and that the file was opened, and that its contents made sense after the edit, before you did anything dangerous. But if the user is only able to damage their own files (you don't run a system where they can damage your files, do you?) then there isn't much need for sanitizing them. Providing a default is reasonable; local circumstances dictate whether nano is a better choice than, say, vim.
If the user can't damage your stuff by abusing VISUAL and EDITOR, then I would not worry too much about them choosing to damage their own stuff.
If you are writing something that will run with raised privileges - with SetUID or SetGID privileges, for example - then you have to worry a lot more about it. (The Perl code is missing checks that are more fundamental than worrying about the editor to use. Oh, but that use autodie; means the script automatically aborts on errors. That sounds a tad radical to me. But it probably does excuse you - though I note that it doesn't handle system or exec unless you have use autodie qw(:all);)

I think you need to think slightly differently about this. After all, your script seems to need user interaction. Therefore, it would not be unreasonable to ask the user which editor to use. You can issue a prompt right before executing the editor as in:
where the default would be filled in from $ENV{EDITOR}, $ENV{VISUAL} or if neither is defined, /usr/bin/nano. That way, the user can judge whether the value makes sense.
If you are paranoid about where $ENV{EDITOR} points, you might also have to be paranoid about whether someone could have placed a malicious executable in the user's path and named it greateditor or some such.

Using system with more than one argument doesn't require you to sanitize anything because no shell will be invoked. You might want to check if the executable exists first but it will complicate your program unnecessarily, and you'd have to look in $PATH. Also environmental variables like these are trusted in general.
You might want to call the exit status from system, though. And you might try calling $VISUAL first, and if it fails, to call $EDITOR (if $VISUAL is set, $EDITOR is supposed to act as a fallback).
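
An added example (not code from the question or from any of the answers) that combines the points made above: list-form system so no shell is invoked, an exit-status check, and the VISUAL, then EDITOR, then default fallback. Splitting the variable into words with Text::ParseWords, so that values such as "emacs -nw" still work, and the run_editor helper name are assumptions of this example.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use File::Temp ();
use Text::ParseWords qw( shellwords );

# Run one candidate editor on $file; true only if it started and exited 0.
sub run_editor {
    my ( $command, $file ) = @_;
    # Assumption of this example: split values such as "emacs -nw" into
    # words here, so no shell ever interprets the variable's contents.
    my @argv = shellwords($command);
    return 0 unless @argv;    # empty value or unbalanced quotes

    # List form with an explicit program name: /bin/sh is never involved.
    my $rc = system { $argv[0] } @argv, $file;

    if ( $rc == -1 ) {
        warn "could not start '$argv[0]': $!\n";
        return 0;
    }
    if ( $? & 127 ) {
        warn sprintf "'%s' was killed by signal %d\n", $argv[0], $? & 127;
        return 0;
    }
    if ( $? >> 8 ) {
        warn sprintf "'%s' exited with status %d\n", $argv[0], $? >> 8;
        return 0;
    }
    return 1;
}

my $tmpf = File::Temp->new;

# VISUAL first, then EDITOR, then a fixed default.
my @candidates = grep { defined($_) && length($_) } @ENV{qw( VISUAL EDITOR )};
push @candidates, '/usr/bin/nano';

my $edited = 0;
for my $candidate (@candidates) {
    next unless run_editor( $candidate, $tmpf->filename );
    $edited = 1;
    last;
}
die "no editor ran successfully\n" unless $edited;

# Reopen by name: some editors replace the file instead of rewriting it.
open my $in, '<', $tmpf->filename or die "cannot reopen temp file: $!\n";
print while <$in>;
```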