
The checkin of a new revision sometimes did not work. Everything worked, but the final ci call seemed to be omitted. After enabling STDERR in Sandbox::sysCommand() (line 316) the following could be seen:

Insecure dependency in exec while running with -T switch at /home/www/twiki/lib/TWiki/Sandbox.pm line 317.

The command to be executed was generated by Store::RcsWrap::_ci(). The tainted variable was $user. I tracked it down to Client::ApacheLogin::getUser(). If the returned value is untainted, the error disappears.

I don't know if the following is correct and sufficient, but it works for me:

sub getUser {
    my $this = shift;
    my $query = $this->{twiki}->{cgiQuery};
    my $name;
    if (defined($query)) {
        # REMOTE_USER comes from the web server, so it is tainted under -T.
        $name = $query->remote_user();
        if ($name) {
            # Launder it: a regex capture yields an untainted copy. Only use
            # $1 after a successful match so a stale value is never returned.
            if ($name =~ /([a-zA-Z0-9]+)/) {
                $name = $1;
            } else {
                $name = undef;
            }
        }
        return $name;
    }
    return undef;
}
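The following is an added, stand-alone example (it is not part of the bug report or of TWiki) showing why the report's fix works: under perl -T, a username read from the outside world stays tainted through string operations, the string form of system() refuses to run anything built from it ("Insecure dependency"), and a regex capture produces an untainted copy. The sub names untaint_user and try_exec and the three sample usernames in the __DATA__ section are constructed for this example; reading them through the DATA filehandle stands in for CGI->remote_user(), since filehandle input is tainted under -T.

```perl
#!/usr/bin/perl -T
# Added example (not TWiki code): taint propagation from an untrusted
# username to exec/system, and the regex-capture laundering used in the fix.
use strict;
use warnings;
use Scalar::Util qw(tainted);

# Taint mode also refuses to run external commands while %ENV is untrusted,
# so pin PATH and drop the variables the shell would honour.
$ENV{PATH} = '/usr/bin:/bin';
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};

# Same rule as the report's patch (first run of [a-zA-Z0-9]), but the match
# result is checked so a name with no such run yields undef, not a stale $1.
sub untaint_user {
    my ($name) = @_;
    return undef unless defined $name && $name =~ /([a-zA-Z0-9]+)/;
    return $1;    # the capture is a fresh, untainted string
}

# Build a command string containing the username and try to run it.
# The whole string inherits the taint of $user, so with a tainted value
# Perl dies with "Insecure dependency in system" before anything executes.
sub try_exec {
    my ($user) = @_;
    local $@;
    eval { system("$^X -e 1 $user"); 1 } or return "refused: $@";
    return "ran (exit status " . ($? >> 8) . ")";
}

# Constructed sample input read via DATA, which is tainted under -T.
while (my $raw = <DATA>) {
    chomp $raw;
    printf "raw   %-14s tainted=%d -> %s\n",
        $raw, tainted($raw) ? 1 : 0, try_exec($raw);
    my $clean = untaint_user($raw);
    if (defined $clean) {
        printf "clean %-14s tainted=%d -> %s\n",
            $clean, tainted($clean) ? 1 : 0, try_exec($clean);
    }
    else {
        print "clean (none)        no alphanumeric run in '$raw'; rejected\n";
    }
}

__DATA__
UlfJastrow
ulf.jastrow
$(id)
```

Run it as perl -T example.pl (the -T on the shebang line must match the command line, or Perl stops with "Too late for -T"). Each raw value is reported as tainted and refused; each laundered value is untainted and runs. Note that the unanchored pattern keeps only the first alphanumeric run, so "ulf.jastrow" becomes "ulf"; anchoring the pattern instead would reject such names outright, which is the stricter choice when the value is used to build a command.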


I'm wondering if this is related to Item1559? Can you think of a way to reproduce this?

-- SP

Possibly caused by an old version of CGI.pm.

Untainted the user identity in Client.pm SVN 9163, SVN 9164

CC

Versions used by reporter:

  • CGI 3.01
  • CGI::Carp 1.27
  • CGI::Cookie 1.25
  • CGI::Session 4.03

TWiki:Main.UlfJastrow


Closed with the release of 4.0.2

KJL

ItemTemplate
Summary: tainted username prevents exec()
ReportedBy: TWiki:Main.UlfJastrow
Codebase:
SVN Range: build 8740
AppliesTo: Engine
Component:
Priority: Urgent
CurrentState: Closed
WaitingFor:
Checkins: 9163 9164
TargetRelease: patch
Topic revision: r8 - 2006-04-01 - KennethLavrsen