Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Is Perl's taint mode useful?

Tags:

perl

taint

perl -T 

Do you use it? Does it help you finding security holes in your Perl scripts?

like image 395
Juanjo Conti Avatar asked Feb 09 '10 10:02

Juanjo Conti


People also ask

What is taint mode in Perl?

Taint mode is used to keep track of the data coming from the user and avoids doing anything insecure with it. When it is enabled, every variable is monitored by Perl to check whether it is tainted or not. Tainted data is any data that comes from outside the code.

What is a tainted variable?

Overview. The concept behind taint checking is that any variable that can be modified by an outside user (for example a variable set by a field in a web form) poses a potential security risk. If that variable is used in an expression that sets a second variable, that second variable is now also suspicious.

What is taint mode in Perl?

In Perl, taint mode is a way to make our code more secure. It makes our program fussier about the data that it receives from an external source. The external source means the users, the file system, the environment, locale information, and some system calls.

Should I use taint mode when accepting external data?

When accepting external data you should always program defensively and use taint mode to ensure that the external data matches your expectations. Some people argue that taint mode should always be used as it forces you to consider the implications of your use of external data.

Should I use taint mode in CGI?

Certainly as a minimum, any CGI application should use taint mode. When accepting external data you should always program defensively and use taint mode to ensure that the external data matches your expectations. Some people argue that taint mode should always be used as it forces you to consider the implications of your use of external data.

How to enable taint mode in hashbang?

To turn the taint mode on we just use -T flag in our hashbang line. Taint mode is used to keep track of the data coming from the user and avoids doing anything insecure with it. When it is enabled, every variable is monitored by Perl to check whether it is tainted or not. Tainted data is any data that comes from outside the code.


2 Answers

More than that :) it stops your security issues before they become one. It is not a security silver bullet of course... we used to use it (a few years back when I was involved in Perl projects) in any script that was exposed externally (i.e. any mod_perl app) and we found it very useful and made it our policy. It does a few checks and it is handy.. (anything makes things automated)

Perl Security - perlsec recommends it strongly too:

This flag [Taint mode] is strongly suggested for server programs and any program run on behalf of someone else, such as a CGI script. Once taint mode is on, it's on for the remainder of your script.

like image 70
ziya Avatar answered Oct 04 '22 07:10

ziya


Most definitely!

$ echo '`rm -rf /`' | perl -Te 'eval while <>' Insecure dependency in eval while running with -T switch at -e line 1, <> line 1.
like image 20
Greg Bacon Avatar answered Oct 04 '22 07:10

Greg Bacon