Bugtraq mailing list archives
Re: Vulnerability in Glimpse HTTP (fwd)
From: bri () MOJO CALYX NET (Brian S. Julin)
Date: Tue, 5 Aug 1997 09:09:09 -0400
Greetings,

All these fixes scanning the pattern are all wonderful, but it would be much easier just to do a file test on the requested file name before trying to open it.

    open (FH,"$dir/archive.cfg") if -d "$dir" and -f "$dir/archive.cfg";

Also note that the only meta-characters you need to scan for are the arguments which open() accepts, namely "|" and the variants of ">", since you don't care (in fact want) read access to the file. Other meta-characters will be assumed to be inside the filename. The only time it gets fully parsed by the shell is when you use the pipe.

Finally, all calls to open should specify the file opening mode by preceding the filename with "<" or something like that. When so preceded, I don't think the piping attack would work, since the result would be

    open (FH,"<|command")

which doesn't open a pipe. Also consider using the command sysopen().

I had never seen this error since I had long since rewritten most of GlimpseHTTP for my own purposes and I probably removed that part because it looked tacky. In fact now that I think of it I do remember replacing lots of regular expressions in the original version with limited sets of permissible characters.

--
Brian S. Julin
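The three measures named in the message (a limited set of permissible characters, a file test before opening, and sysopen() so the mode is never taken from the file name), combined in one routine. This is an added example, not part of the original post and not GlimpseHTTP code; the helper name open_archive_cfg, the directory layout and the sample names are assumptions made for illustration.

```perl
#!/usr/bin/perl
# Added example: open archive.cfg under a request-supplied directory name
# without letting open() interpret any part of that name.
use strict;
use warnings;
use Fcntl qw(O_RDONLY);
use File::Temp qw(tempdir);

# Hypothetical helper. $base is the trusted archive root; $name is untrusted input.
sub open_archive_cfg {
    my ($base, $name) = @_;

    # Limited set of permissible characters rather than a meta-character scan.
    # No "/" and no leading "." are allowed, so "|", ">" and ".." never pass.
    return (undef, "bad characters")
        unless $name =~ /\A[A-Za-z0-9_][A-Za-z0-9_.-]*\z/;

    my $dir  = "$base/$name";
    my $file = "$dir/archive.cfg";

    # File test first: a name that is not an existing plain file is refused
    # before any open call sees it.
    return (undef, "no such archive") unless -d $dir and -f $file;

    # sysopen() takes the mode as a flag, so nothing in $file can be read
    # as a mode prefix or as a pipe.
    sysopen(my $fh, $file, O_RDONLY) or return (undef, "open failed: $!");
    return ($fh, "ok");
}

# Constructed sample data: one real archive directory, then names to try.
my $base = tempdir(CLEANUP => 1);
mkdir "$base/docs" or die "mkdir: $!";
open(my $out, '>', "$base/docs/archive.cfg") or die "create: $!";
print $out "title\tSample archive\n";
close $out;

for my $name ("docs", "missing", "|command", "docs>", "../docs") {
    my ($fh, $status) = open_archive_cfg($base, $name);
    printf "%-12s => %s\n", "'$name'", $status;
    close $fh if $fh;
}
```

Only the first name is opened; "missing" fails the file test and the remaining three are refused by the character check before any path is built.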