You are viewing Revision 10 of Discuss_Version_0.60_DevTrack

Taint mode (-T) is turned on, however not all shell expansions are untainted. This will generate errors in some installations (apparently not in my dev environment though... weird).

Here are the lines that include shell expansion:

654:    $line =~ s#\`{1}(.*?)\`{1}#<tt>$1</tt>#g;
741:    '`<tt>teletype</tt>`</dd>'.
1400:    $diff = `diff $TempDir/old $TempDir/new`;
1516:  my $diff = `diff $TempDir/old $TempDir/new`;
1645:  print $q->p("perl: ".`perl -v`);
1646:  print $q->p("diff: ".`diff --version`);
1647:  print $q->p("grep: ".`grep --version`);
1648:  print $q->p("awk: ".`awk --version`);
2289:  chomp(my @files = `grep -Prl '$Param{'search'}' $PageDir`);
2990:  my $diff = `diff $TempDir/old $TempDir/new`;
3179:  chomp(my @counts = split(/\n/,`grep ^$UserIP $VisitorLog | awk '\$2>$spts'`));

For sure lines 1400, 1516, 2289, 2990, and 3179 should be examined closely.

-- AaronGraves Thu Jun 23 03:57:33 UTC 2016 (107.167.108.182)


Lines 1400, 1516, 2289, and 2990 have been untainted. 3179 (now 3194) remains.

-- AaronGraves Thu Jun 23 04:21:45 UTC 2016 (107.167.108.182)


Some untainting methods: http://www.perlmonks.org/?node_id=516577

-- AaronGraves Thu Jun 23 16:10:23 UTC 2016 (107.167.108.182)


In DoSearch, line 2394:

open my($FILES), "grep -Erli '($search|$altsearch)' $PageDir 2>/dev/null |";

This needs to be untainted too.

-- AaronGraves Thu Jun 23 17:15:55 UTC 2016 (107.167.108.182)


In addition to the above, this will have to be corrected in ListAllFiles, ListAllTemplates, and ListDeletedPages.

-- AaronGraves Thu Jun 23 17:33:21 UTC 2016 (107.167.108.182)


For untainting, see https://github.com/ajgraves/aneuch/issues/32

-- AaronGraves Fri Jun 24 04:23:51 UTC 2016 (107.167.108.182)


For 3179 I would suggest something like this for line 253:

$UserIP = $q->remote_addr; #$ENV{'REMOTE_ADDR'};

if ($UserIP =~ /^([0-9.]+)$/) {
  $UserIP = $1;
} else {
  $UserIP = '000.000.000.000'; # Redirect to an error page instead?
}

-- Russ Sun Jun 26 19:21:16 UTC 2016 (24.113.55.207)


Thanks Russ, actually what I used was:

my ($UIP) = ($UserIP =~ /^(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})$/g);   # nnn.nnn.nnn.nnn

-- AaronGraves Tue Jun 28 01:33:48 UTC 2016 (107.167.108.182)
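
The line 3179 case discussed above, as an added example that is not part of the original thread or of aneuch.pl: it rebuilds the address from regex captures, which Perl treats as untainted, and does the grep | awk filtering in Perl so no value reaches a shell. The function names, the sample addresses and the log format (IP, then epoch seconds, then page) are assumptions.

```perl
use strict;
use warnings;
# Run as `perl -T example.pl` to check it under taint mode.

my $octet = qr/([0-9]{1,3})/;

# Validate a dotted-quad IPv4 address and rebuild it from the captures.
# \A and \z are used because $ would also accept a trailing newline.
sub untaint_ipv4 {
    my ($raw) = @_;
    return unless defined $raw;
    my @octets = $raw =~ /\A$octet\.$octet\.$octet\.$octet\z/ or return;
    return if grep { $_ > 255 } @octets;      # 999.1.1.1 is not an address
    return join '.', @octets;
}

# Count log lines for $ip whose second field is greater than $since.
# eq is an exact match; a shell `grep ^203.0.113.7` would also match
# 203.0.113.70, and its dots match any character.
sub recent_hits {
    my ($fh, $ip, $since) = @_;
    my $hits = 0;
    while (my $line = <$fh>) {
        my ($addr, $ts) = split ' ', $line;
        next unless defined $ts && $ts =~ /\A[0-9]+\z/;
        $hits++ if $addr eq $ip && $ts > $since;
    }
    return $hits;
}

# Constructed sample log (assumed format: "IP epoch-seconds page").
my $sample = <<'LOG';
203.0.113.7 1466900000 HomePage
203.0.113.7 1466900500 SandBox
203.0.113.70 1466900600 HomePage
198.51.100.4 1466900700 HomePage
LOG

# Constructed inputs: one valid address and three that must be rejected.
for my $raw ('203.0.113.7', '203.0.113.7;x', "203.0.113.7\n", '999.1.1.1') {
    my $ip = untaint_ipv4($raw);
    (my $shown = $raw) =~ s/\n/\\n/g;
    unless (defined $ip) { print "rejected: $shown\n"; next; }
    open my $fh, '<', \$sample or die "open: $!";
    printf "%s: %d recent hit(s)\n", $ip, recent_hits($fh, $ip, 1466900100);
}
```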


Untainting should be completed.

-- AaronGraves Tue Jun 28 19:50:40 UTC 2016 (107.167.116.86)


I re-downloaded aneuch.pl today and think I found two more:

2869: unlink $file; (DoMaintPurgeTemp)
1384: if(! -d "$PageDir/$archive") { mkdir "$PageDir/$archive"; } (WritePage)

-- Russ Mon Jul 4 03:46:58 UTC 2016 (24.113.55.207)