Help untainting the command. Insecure dependency in `` ... setuid

Hi, I have the following statements

@filename = split("_", $cgi->param('filename')); # similar multiline code

$env_profile = $cgi->param('env_profile');
$command = "/app/ics/bin/$input_app -U\${USER} -P\${PSWD} -S\${SERVER} -D\${DB} -F\L@fileinfo[1]\E -I\L@fileinfo[2]\E -C@fileinfo[0] -T$type -B$branch -R$code";

# env_profile = test.env_profile.john_13 (for example)
@retstr = `/opt/apache/cgi-bin/app/execute.ksh -c "$command" -p "$env_profile" >&1`;

It gives me "Insecure dependency in `` while running setuid" error at
the last line for @retstr.

How can I untaint $command and $env_profile, while both have special
characters as well. It's a test application for my testing purposes
only, so I don't care much about security here.

Thanks,
Dil
Jul 19 '05 #1
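
Added example, not part of the original post: one way to untaint the two parameters is to capture each against an allowlist pattern, then run the wrapper with a list-form pipe open instead of backticks so no shell parses the values. The patterns, the sample values and the input_app name are assumptions; adjust them to the real inputs.

```perl
# Run as: perl -T untaint_example.pl  (setuid scripts get taint mode automatically)
use strict;
use warnings;

# Taint mode also refuses to run commands with an inherited environment.
$ENV{PATH} = '/usr/bin:/bin';
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};

# Perl untaints only through a regex capture, so capture the whole value
# and only when it matches an allowlist pattern (no inner capture groups).
sub untaint {
    my ($value, $pattern, $label) = @_;
    die "rejected $label\n"
        unless defined $value && $value =~ /\A($pattern)\z/;
    return $1;
}

# Constructed sample values; in the CGI these come from $cgi->param(...).
# Command-line arguments are tainted under -T, so they can be used to test.
my %param = (
    filename    => $ARGV[0] // 'ACME_Report_Q3',
    env_profile => $ARGV[1] // 'test.env_profile.john_13',
    input_app   => 'loader',    # hypothetical program name
);

my $word        = qr/[A-Za-z0-9]+/;
my $env_profile = untaint($param{env_profile},
                          qr/[A-Za-z0-9_]+(?:\.[A-Za-z0-9_]+)*/, 'env_profile');
my $input_app   = untaint($param{input_app}, $word, 'input_app');
my @fileinfo    = split /_/,
                  untaint($param{filename}, qr/$word(?:_$word){2}/, 'filename');

# Same option layout as the post (-T, -B and -R omitted); the ${...} names
# stay literal for the wrapper script to expand.
my $command = "/app/ics/bin/$input_app -U\${USER} -P\${PSWD} -S\${SERVER} -D\${DB}"
            . " -F\L$fileinfo[1]\E -I\L$fileinfo[2]\E -C$fileinfo[0]";

# Wrapper path is from the post; /bin/echo stands in where it is absent.
my $runner = '/opt/apache/cgi-bin/app/execute.ksh';
$runner = '/bin/echo' unless -x $runner;

# List-form pipe open passes each argument as-is: no shell, no quoting.
open(my $out, '-|', $runner, '-c', $command, '-p', $env_profile)
    or die "cannot run $runner: $!\n";
my @retstr = <$out>;
close $out;
print @retstr;
```

If execute.ksh hands the -c string to a shell, the allowlist patterns are what keep metacharacters out of it.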