Help untainting the command. Insecure dependency in `` ... setuid

  • danpres2k

    Hi, I have the following statements

    @filename = split("_", $cgi->param ('filename')); # similar multiline code

    $env_profile = $cgi->param ('env_profile') ;
    $command = "/app/ics/bin/$input_app -U\${USER} -P\${PSWD} -S\${SERVER} -D\${DB} -F\L@fileinfo[1]\E -I\L@fileinfo[2]\E -C@fileinfo[0] -T$type -B$branch -R$code";

    #env_profile = test.env_profile.john_13 (for example)
    @retstr = `/opt/apache/cgi-bin/app/execute.ksh -c "$command" -p "$env_profile" >&1`;

    It gives me "Insecure dependency in `` while running setuid" error at
    the last line for @retstr.

    How can I untaint $command and $env_profile, while both have special
    characters as well. It's a test application for my testing purposes
    only, so I don't care much about security here.

    Thanks,
    Dil
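
An added example, not part of the original post, of one way to clear this error: each CGI value is matched in full against an allowlist pattern and only the regex capture is used, then the script is started through a list-form pipe open instead of backticks. The sample values, the patterns and the names `%raw`, `%allow` and `%p` are assumptions made for illustration.

```perl
# Run with: perl -T example.pl  (setuid scripts get taint mode automatically)
use strict;
use warnings;

# Taint mode also refuses to start a child while PATH and friends are inherited.
$ENV{PATH} = '/usr/bin:/bin';
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};

# Constructed sample input standing in for the $cgi->param(...) values.
my %raw = (
    filename    => 'ACCT_Daily_Load',
    env_profile => 'test.env_profile.john_13',
    input_app   => 'loader', type => 'F', branch => '01', code => 'X1',
);

# Allowlist per parameter (assumed formats; tighten to what the app accepts).
my $word  = qr/[A-Za-z0-9]+/;
my %allow = (
    filename    => qr/${word}_${word}_${word}/,
    env_profile => qr/[A-Za-z0-9_]+(?:\.[A-Za-z0-9_]+)*/,
    map { ($_ => $word) } qw(input_app type branch code),
);

# A regex capture is the only thing Perl treats as clean, so every value must
# match its whole pattern; anything else is rejected, never "cleaned up".
my %p;
for my $name (sort keys %allow) {
    defined $raw{$name} && $raw{$name} =~ /\A($allow{$name})\z/
        or die "rejected parameter: $name\n";
    $p{$name} = $1;
}
my @fileinfo = split /_/, $p{filename};

my $command = "/app/ics/bin/$p{input_app} -U\${USER} -P\${PSWD} -S\${SERVER} -D\${DB}"
            . " -F\L$fileinfo[1]\E -I\L$fileinfo[2]\E -C$fileinfo[0]"
            . " -T$p{type} -B$p{branch} -R$p{code}";

# List-form pipe open: Perl itself starts no shell, so the arguments arrive as-is.
my @argv = ('/opt/apache/cgi-bin/app/execute.ksh', '-c', $command, '-p', $p{env_profile});
if (-x $argv[0]) {
    open(my $out, '-|', @argv) or die "cannot run $argv[0]: $!\n";
    my @retstr = <$out>;
    close $out;
    print @retstr;
} else {
    print join(' ', map { "[$_]" } @argv), "\n";   # script absent: show the argv
}
```

Because `execute.ksh` presumably hands the `-c` string to a shell itself, the allowlist patterns are what keep shell metacharacters out of `$command`; a catch-all capture such as `(.*)` would silence the error without checking anything.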