[Bioperl-l] CGI taint solved
Stefan Kirov
stefan.kirov at bms.com
Wed Feb 28 15:35:31 UTC 2007
Neil, I believe this is your situation:
http://wn.cyberwerks.com/2000/0411.html
My advice: any commands executed from within a CGI script should have a
path hardcoded whenever possible.
If those commands require a different path, try writing a wrapper shell
script that sets the environment (which should be reset to the default
once the shell script terminates). It all also depends on the type of
environment you have; if it is not secure, you may wish to think hard about
how to eliminate all security loopholes with CGI. I am definitely not an
expert on this.
Stefan
Chris Fields wrote:
> That could possibly clobber any other program calls from within the
> same script (unless they reside in /usr/local/bin) since you're
> explicitly assigning PATH, not appending:
>
> $ENV{"PATH"} = '/usr/local/bin';
>
> gets me (printing $ENV{"PATH"}):
>
> /usr/local/bin
>
> whereas this:
>
> $ENV{"PATH"} = '/usr/local/bin:' . $ENV{"PATH"};
>
> gets me:
>
> /usr/local/bin:/Users/cjfields/bin:/Users/cjfields/dart/bin:/usr/local/mysql/bin:/usr/local/sbin:/bin:/sbin:/usr/bin:/usr/sbin
>
> There's probably a File::* module that does this safely per OS flavor.
>
> chris
>
> On Feb 28, 2007, at 4:50 AM, Neil Saunders wrote:
>
>
>> Apologies for running a one-man thread, but I realised that I've
>> now answered my
>> own question regarding errors with CGI, Bio::Factory::EMBOSS and
>> taint.
>>
>> Given that the EMBOSS binaries are in /usr/local/bin, adding:
>>
>> $ENV{'PATH'} = '/usr/local/bin'
>>
>> near the top of the script does the trick.
>>
>>
>> Neil
>> --
>> School of Molecular and Microbial Sciences
>> University of Queensland
>> Brisbane 4072 Australia
>>
>> http://nsaunders.wordpress.com
>>
>> _______________________________________________
>> Bioperl-l mailing list
>> Bioperl-l at lists.open-bio.org
>> http://lists.open-bio.org/mailman/listinfo/bioperl-l
>>
>
> Christopher Fields
> Postdoctoral Researcher
> Lab of Dr. Robert Switzer
> Dept of Biochemistry
> University of Illinois Urbana-Champaign
>
>
>
>
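A taint-mode sketch of the advice in this thread, added here as an example and not code from any poster or from BioPerl: it assigns a fixed PATH (under -T, prepending to the inherited value leaves it tainted), clears the other shell-affecting variables named in perlsec, and runs a program by absolute path without a shell. `/bin/echo`, the extra PATH directories and the sample identifier are stand-ins chosen for the example.

```perl
#!/usr/bin/perl -T
# Added example, not from the thread. /usr/local/bin is the directory named
# in the thread; /usr/bin, /bin and /bin/echo are assumptions for the demo.
use strict;
use warnings;

# Under -T every value in %ENV is tainted. Perl checks PATH before running
# any subprocess, even one given by absolute path, so assign a fixed list of
# trusted directories rather than building on the inherited value.
$ENV{PATH} = '/usr/local/bin:/usr/bin:/bin';

# perlsec lists these as variables that can alter shell behaviour.
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};

# Untaint request data by matching an allow-list pattern and using the
# capture; anything that does not match is rejected.
sub untaint_id {
    my ($raw) = @_;
    return unless defined $raw;
    return $raw =~ /\A([A-Za-z0-9_.-]{1,64})\z/ ? $1 : undef;
}

# Run a program by absolute path. The list form of a pipe open passes the
# arguments directly to exec, so no shell parses them.
sub run_tool {
    my ($prog, @args) = @_;
    die "program path must be absolute\n" unless $prog =~ m{\A/};
    open(my $fh, '-|', $prog, @args) or die "cannot run $prog: $!\n";
    my $out = do { local $/; <$fh> };
    close($fh) or die "$prog exited with status $?\n";
    return $out;
}

# Constructed sample input; in a CGI script this would come from a
# request parameter and would arrive tainted.
my $raw = 'AB000263';
my $id  = untaint_id($raw);
die "rejected identifier\n" unless defined $id;

print "taint mode is ", (${^TAINT} ? "on" : "off"), "\n";
print run_tool('/bin/echo', 'would process', $id);
```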