Is this particular path concatenation in Perl code vulnerable?

Suppose an attacker controls a variable $untrusted_user_supplied_path. Is the following Perl code vulnerable?

my $untrusted_user_supplied_path = ...
if ($untrusted_user_supplied_path =~ /\.\./) {
  die("Tries to escape homedir.");
}
my $base_path = "/home/username/";
my $full_path = "${base_path}${untrusted_user_supplied_path}";
if (-e $full_path) {
  open(FILE, "<", $full_path) || die("File not accessible.");
  while (<FILE>) {
    # present the content to the user
  }
  close(FILE);
}

Is the code considered vulnerable if the attacker can choose a value of $untrusted_user_supplied_path such that he can read a file that is in a directory that is not a subdirectory of $base_path (say /etc/passwd)?

It can be assumed that the code runs under Linux. In addition, you can assume that there are no additional flaws in the code that presents the file to the user.


+3
5




  • /home/username - , , , (.. , , ..)
  • - ,
  • - (, ).
  • ,
  • perl , ( )
  • PERL5LIB, PERL5OPT -I ( )

. , , , . , . Perl taint ( Perl).




+9

homedir - , .

+9

, . , :

/\.\./

:

m{/\.\./}

, . - , , dir1/../dir2/filename, .

+1

:

use Cwd qw(abs_path);
my $base_path = "/home/username/";
# canonicalise the base once (resolves symlinks) and keep the trailing slash
my $canonical_base_path = abs_path($base_path) . "/";
my $full_path = "${canonical_base_path}${untrusted_user_supplied_path}";
# abs_path returns undef when the path cannot be resolved
my $canonical_full_path = abs_path($full_path) // die("File not accessible.");
# strings are compared with 'ne', not '!='
if (substr($canonical_full_path, 0, length($canonical_base_path)) ne $canonical_base_path) {
      die("Tries to escape homedir.");
}

. , $base_path .

+1
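As an added example that is not part of the question or any of the answers, the script below runs the question's ".." regex and the canonical-path prefix check side by side on a scratch directory tree it builds itself (all file and directory names are constructed for the demo). The second case is rejected by the regex although it never leaves the base, and the fourth passes the regex although a symlink takes it outside, which only the canonical check catches.

```perl
# Added example, not code from the question or the answers: it contrasts the
# question's ".." regex with the answer's abs_path prefix check on a scratch
# directory tree that is constructed here for the demo.
use strict;
use warnings;
use Cwd qw(abs_path);
use File::Temp qw(tempdir);
use File::Basename qw(basename);

# The question's filter: reject any value containing "..".
sub naive_check {
    my ($user_path) = @_;
    return $user_path !~ /\.\./ ? 1 : 0;
}

# The answer's approach: canonicalise both paths (this also resolves
# symlinks) and require the target to start with the base directory.
sub inside_base {
    my ($base, $user_path) = @_;
    my $canon_base = abs_path($base) or return 0;
    $canon_base .= "/";   # trailing slash so "/home/user2" does not match "/home/user"
    my $canon_full = abs_path("$base/$user_path") or return 0;   # undef when unresolvable
    return substr($canon_full, 0, length($canon_base)) eq $canon_base ? 1 : 0;
}

# Scratch layout (constructed): $base/dir1/ok.txt, $base/dir2/a..b.txt,
# $base/link -> $outside, and $outside/secret.txt living next to $base.
my $base    = tempdir(CLEANUP => 1);
my $outside = tempdir(CLEANUP => 1);
mkdir "$base/dir1" or die $!;
mkdir "$base/dir2" or die $!;
for my $f ("$base/dir1/ok.txt", "$base/dir2/a..b.txt", "$outside/secret.txt") {
    open(my $fh, ">", $f) or die "$f: $!";
    close $fh;
}
symlink $outside, "$base/link" or die $!;

my @cases = (
    "dir1/ok.txt",                                # plain file inside the base
    "dir1/../dir2/a..b.txt",                      # contains ".." yet never leaves the base
    "../" . basename($outside) . "/secret.txt",   # classic traversal out of the base
    "link/secret.txt",                            # no ".." at all, leaves via the symlink
);
for my $p (@cases) {
    printf "%-40s regex_ok=%d canonical_ok=%d\n", $p, naive_check($p), inside_base($base, $p);
}
```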

, , . "", , .

0

Source: https://habr.com/ru/post/1722855/
