Vulnerability Development mailing list archives

Re: PERL's -e check


From: Joe Testa <jst3290 () RITVAX ISC RIT EDU>
Date: Tue, 26 Dec 2000 16:20:51 -0500

At 07:11 PM 12/24/2000 -0500, you wrote:
Hi all --

        I've noticed here and there that some PERL scripts pass user input
directly into an open() call protected by a "-e" check.  Example:

        # $temp_file is taken from the submitted form
        if(-e $temp_file) {
                open(TEMP, "<$temp_file");
                ...
        }

        Is there any trick that would bypass the "-e"?  Thanks in advance.

        - Joe Testa


P.S.  Greets to @stake and the cDc.


    Given the responses I received from people, I now realize that I
should have been more clear.
    I want to know if there is any way to pass shell metacharacters
through the $temp_file variable in such a way that would pass the "-e"
check but still make it to the open() call.  Of course, let's forget that my
example uses "<", because this prevents "|" from working.
    I already tried inserting nulls here and there, but without success.

        - Joe Testa

P.S.  I'd like to personally thank Joseph Nicholas Yarbrough
<nyarbrough () lurhq com>
for privately replying to my first post to insult my "P.S." greets.  Thanks
for your immaturity, Joe!
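
A hardened form of the "-e then open()" pattern quoted above, as an added example that is not part of the original post. It avoids the question of what the two-argument open() does with the string by never letting the file name double as a mode. The scratch directory, the file names and open_temp_file() are hypothetical, and the sample inputs are constructed.

```perl
#!/usr/bin/perl
# Added example, not from the original post. open_temp_file(), the scratch
# directory and the file names are hypothetical; sample inputs are constructed.
use strict;
use warnings;
use Fcntl qw(O_RDONLY);
use File::Temp qw(tempdir);

# Return a read handle for $name inside $dir, or undef if it is rejected.
sub open_temp_file {
    my ($dir, $name) = @_;

    # Allowlist: a plain file name only. No "/", no "|", "<" or ">",
    # no whitespace, no NUL, no leading dot, at most 64 characters.
    return unless defined $name
        && $name =~ /\A[A-Za-z0-9_][A-Za-z0-9_.-]{0,63}\z/;

    my $path = "$dir/$name";

    # sysopen() takes the mode as a separate argument, so nothing in $path
    # is read as a mode prefix or a pipe. Opening directly, instead of
    # testing with -e first, also removes the check-then-use gap.
    sysopen(my $fh, $path, O_RDONLY) or return;

    # Test the opened handle, not the name: it must be a regular file.
    return unless -f $fh;
    return $fh;
}

# Constructed sample input, run against a scratch directory.
my $dir = tempdir(CLEANUP => 1);
open(my $out, '>', "$dir/upload_01.tmp") or die "setup failed: $!";
print {$out} "sample\n";
close($out);

for my $input ('upload_01.tmp', 'missing.tmp', '../etc/passwd',
               'upload_01.tmp|', "upload_01.tmp\0.gif") {
    (my $shown = $input) =~ s/\0/\\0/g;    # make the NUL visible when printed
    my $fh = open_temp_file($dir, $input);
    printf "%-24s %s\n", "'$shown'", $fh ? 'opened' : 'rejected';
    close($fh) if $fh;
}
```

Only the first input is opened; the other four are rejected either by the allowlist or because sysopen() finds no such file.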

