
Perl: TAINT mode






Presentation Transcript


  1. Perl: TAINT mode
  CS4236 Tutorial 8, question 7
  Luc Charpentier

  2. Why do you need TAINT mode?
  • Are web CGI scripts really secure?
  • Do you check whether a script is secure when you download it?
  • Do you read it before use? NO !!

  3. What is TAINT mode?
  • TAINT mode puts a Perl script into "PARANOID" mode: it treats ALL user-supplied input as tainted and bad unless the programmer explicitly "OKs" the data.
  • Taint basically halts any tainted data being sent through eval, system, exec, or open calls…

  4. How to use it?
  • If you use Perl 5: #!/usr/local/bin/perl -T
  • If you use Perl 4: #!/usr/local/bin/taintperl
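A short script, added here as an illustration and not taken from the slides, showing what the -T switch from the two slides above actually does with outside data: the filename arrives through @ARGV (tainted), a write-open using it is refused, and only a whitelist regex capture clears the taint. The pattern and the untaint_filename helper are my own choices, not a Perl built-in.

```perl
#!/usr/bin/perl -T
# Added example (not from the slides): how -T blocks tainted input and how
# a whitelist regex capture is what untaints it.
use strict;
use warnings;
use Scalar::Util qw(tainted);

# Under -T anything from outside the program is tainted: @ARGV, %ENV, STDIN,
# file reads, CGI parameters. Pin the environment that system()/exec() would
# otherwise inherit, or taint mode refuses to run them at all.
$ENV{PATH} = '/usr/bin:/bin';
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};

# Return the untainted name if it matches a strict whitelist, else undef.
# Capturing into $1 is what clears the taint flag, so the pattern must be
# tight enough that nothing dangerous (../, shell metacharacters) passes.
sub untaint_filename {
    my ($raw) = @_;
    return unless defined $raw;
    return $1 if $raw =~ /\A([A-Za-z0-9_][A-Za-z0-9_.-]{0,63})\z/;
    return;
}

die "usage: perl -T taint_demo.pl <filename>\n" unless @ARGV;
my $request = $ARGV[0];   # tainted: it came from the command line
printf "argument is %s\n", tainted($request) ? 'TAINTED' : 'clean';

# Opening tainted data read-only is allowed; a write-open is not.
# eval catches the "Insecure dependency" die that -T raises.
eval { open my $fh, '>>', $request or die $!; close $fh; 1 }
    or print "write with tainted name refused: $@";

my $safe = untaint_filename($request);
if (defined $safe) {
    printf "untainted value %s is %s\n", $safe, tainted($safe) ? 'TAINTED' : 'clean';
    open my $fh, '>>', $safe or die "cannot open $safe: $!";   # creates $safe in cwd
    close $fh;
} else {
    print "rejected: input does not match the whitelist\n";
}
```

Run it as `perl -T taint_demo.pl report.txt` and then with something like `../x`; note that starting it as `perl taint_demo.pl` with -T only on the #! line stops with Perl's "Too late for -T" error.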

  5. Other modes
  • Strict mode: alerts you to common syntax errors
  • Warning mode: alerts you to common bugs
  None of these can write secure code for you !!

  6. What does it alleviate?
  • Neglecting to consider and handle special situations.
  • We always assume the input is valid: easier to code (enough buffer size, input file exists…)
  • We always think about the normal conditions of use.
  • But an attacker can find specific conditions under which the result can be disastrous.

  7. Conclusion
  • It is easy to write a small secure script, difficult to write a big one.
  • Perl's modes are there to help the programmer.
  • TAINT forces you as a programmer to think about what you are doing with outside data.
  This mode is only there to help you; it won't find all the problems !!
