473,573 Members | 2,734 Online
Bytes | Software Development & Data Engineering Community
+ Post

Home Posts Topics Members FAQ

Help untaining the command. Insecure dependency in `` ... setuid

Hi, I have following statements

@filename = split("_", $cgi->param ('filename')); //similar multiline
code

$env_profile = $cgi->param ('env_profile') ;
$command = "/app/ics/bin/$input_app -U\${USER} -P\${PSWD} -S\${SERVER}
-D\${DB} -F\L@fileinfo[1]\E -I\L@fileinfo[2]\E -C@fileinfo[0] -T$type
-B$branch -R$code";

#env_profile = test.env_profil e.john_13 (for example)
@retstr = `/opt/apache/cgi-bin/app/execute.ksh -c "$command" -p
"$env_profi le" >&1`;

It gives me "Insecure dependency in `` while running setuid" error at
the last line for @retstr.

How can I untaint $command and $env_profile, while both have special
characters as well. Its a test application for my testing purposes
only, so I don't care much about security here.

Thanks,
Dil
Jul 19 '05 #1
0 1877

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

0
4912
by: Ben Eisenberg | last post by:
I'm trying to run a php script setuid. I've tried POSIX_setuid but you have to be root to run this. The files are located on a public access unix system and have me as the owner and nobody as the group. Rather than make them group writable where in anybody could make a script and write to my files i would like to make them setuid. I tried...
2
1674
by: Harold Crump | last post by:
Greetings, I am building a database-driven PHP application. Part of that app needs to run over SSL for gathering private data. Now, when someone purchases a certificate, the domain name is hard-coded on the certificate, right? If so, how can I run part of the application in regular mode (http) and the rest in secure mode (https)?
0
1498
by: Dave Harrison | last post by:
hi again, Im clearly a moron, and have solved the problem myself, due to a wish to avoid dire embarrasment I shall not reveal the stupid mistake I made ;-) Apologies for the inconvenience Dave > hi all, >
6
461
by: Matthew K Jensen | last post by:
I am a young programmer with his big break on the line. For some reason, small apps that I've written and compiled on an XP machine won't work on anything but XP machines. I can't find any clue as to what's going on. Is the problem py2exe or something in my own scripts? I am at the end of my rope and I'm hoping someone out there can give me a...
2
3072
by: Rajesh | last post by:
Can someone provide me a sample C program to set the uid? The requirement is the batch id 'abatchid' should be the one who can copy a file from foldera to folderb. But the user who does not have privilege to run this command, should be able to run the C program, which setuid of the batch id and runs it. The program should take 2 parameters,...
3
3762
by: Tiago Simões Batista | last post by:
Hello all I have a situation that requires that a python script, that is run from a webpage (via php exec()) must be run with root privileges. The sysadmin already set the setuid bit on the script, but it still fails when it tries to write to any file that only root has write access to. I read somewhere that any scripts that start with...
2
2526
by: Stu | last post by:
Is there anyway to tell if a setuid() call has been made to some other user? If so, can somebody provide me with some sample code Thanks in advance to all that answer
2
5452
by: kokul | last post by:
Hi friends, I get a value from the html page using cgi->param function. Then i want to pass this value to access database. But it showing some error...I'll explain the details.. sub my_func { my $id = cgi->param('id'); print "ID is $id"; //its works fine. value od id is 22 Now i want to pass this value to select the...
5
1571
by: amalprakash3220 | last post by:
Hi, I want to implement a Web based System administration page in PHP. I'm planning to use apache server, mySQL and Ubuntu/debian. Can I implement it using the functions passthru(),exec() and system(). I want it to have functions like creating user accounts,changing file permissions and all that you can do using linux commands.What is the...
0
7669
by: Hystou | last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can effortlessly switch the default language on Windows 10 without reinstalling. I'll walk you through it. First, let's disable language...
0
7987
Oralloy
by: Oralloy | last post by:
Hello folks, I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>". The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed. This is as boiled down as I can make it. ...
0
8036
tracyyun
by: tracyyun | last post by:
Dear forum friends, With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the...
0
6361
agi2029
by: agi2029 | last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then...
1
5557
isladogs
by: isladogs | last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules. He will explain when you may want to use classes...
0
5262
by: conductexam | last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one. At the time of converting from word file to html my equations which are in the word document file was convert...
0
3702
by: TSSRALBI | last post by:
Hello I'm a network technician in training and I need your help. I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs. The last exercise I practiced was to create a LAN-to-LAN VPN between two Pfsense firewalls, by using IPSEC protocols. I succeeded, with both firewalls in...
1
2167
by: 6302768590 | last post by:
Hai team i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system
0
1000
bsmnconsultancy
by: bsmnconsultancy | last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.