perl "Insecure dependency in `` while running setuid"

Collapse
X
Collapse
 
  • Page of 1
  • Time
  • Show
Clear All
new posts
Previous template Next
  • 123jainmin
    New Member
    • Aug 2006
    • 3
    #1

    perl "Insecure dependency in `` while running setuid"

    When I ran a perl script named script.pl which have the the follwing line:
    system("echo hostname = $HOSTNAME > /tmp/myinfo");
    I have another shell script script.ksh which simply call script.pl within the script. the permission on script.ksh is: -rwsr-sr-x
    WHen I ran script.ksh, I got the error message:
    Insecure dependency in `` while running setuid at script.pl line 4.
    If I do not use $HOSTNAME in script.pl, I have no trouble at all.
    Could someone help me on this? Looks like setuid and $HOSTNAME variable cannot work together.

    Thanks in advance.
    Tags: None
    • bharad
      New Member
      • Aug 2006
      • 7
      #2
      make sure you untaint the data before executing the scripts.

      try this
      if ($HOSTNAME =~ /^([ &:#-\@\w.]+)$/) {
      $HOSTNAME = $1; #data is now untainted
      } else {
      print "bad data\n";
      }

      -bharad


      Originally posted by 123jainmin
      When I ran a perl script named script.pl which have the the follwing line:
      system("echo hostname = $HOSTNAME > /tmp/myinfo");
      I have another shell script script.ksh which simply call script.pl within the script. the permission on script.ksh is: -rwsr-sr-x
      WHen I ran script.ksh, I got the error message:
      Insecure dependency in `` while running setuid at script.pl line 4.
      If I do not use $HOSTNAME in script.pl, I have no trouble at all.
      Could someone help me on this? Looks like setuid and $HOSTNAME variable cannot work together.

      Thanks in advance.

        Comment

        • 123jainmin
          New Member
          • Aug 2006
          • 3
          #3
          Thank you so much! it works.

            Comment

            Previous template Next
            Working...