Subject: Insecure dependency in exec while running with -T switch at /usr/local/lib/perl5/site_perl/5.8.7/Net/Server.pm line 1076.
Like #14155, this is a problem Munin encounters when it is restarted
during logfile rotation on FreeBSD.
The line in question is exec @{ $self->commandline }; in hup_server.
$self->commandline is not untainted in _get_commandline.
BTW, the detection for a relative path in the same sub isn't complete: $script =~ m|^\.+/|. A relative path starts with anything but a '/', not just a '.'.
Patch attached.
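As an added illustration (not code from the ticket or from Net::Server), this is how the command-line rebuild described above can be done under -T without a blanket untaint: every element is checked against a whitelist of path and argument characters (the class used here is an assumption; widen it if your arguments need more), anything not starting with '/' is treated as relative and resolved against the real working directory from Cwd rather than the caller-controlled $ENV{PWD}, and PATH is cleaned because exec under taint mode requires that too. The helper names untaint_arg and safe_commandline are this example's own.

```perl
#!/usr/bin/perl -T
# Added example, not Net::Server code: a validating untaint for the
# command line that a HUP handler would re-exec.
use strict;
use warnings;
use Cwd qw(getcwd);
use File::Spec;

# Under -T, exec() refuses to run unless PATH and a few shell-sensitive
# variables are clean, so fix them before anything else.
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};
$ENV{PATH} = '/usr/bin:/bin';

# Validate and untaint one command-line element. Dies instead of
# silently returning undef, so a failed untaint cannot be mistaken
# for "no command line available".
sub untaint_arg {
    my ($arg) = @_;
    die "refusing argument containing NUL or newline\n" if $arg =~ /[\0\n]/;
    # Assumed-safe character set; \A and \z cover the whole string,
    # unlike ^ and $ which stop at a trailing newline.
    my ($clean) = $arg =~ m{\A([\w./=:@,+-]+)\z}
        or die "argument '$arg' has characters outside the allowed set\n";
    return $clean;
}

# Build an absolute, untainted command line from a script path and
# its arguments. A path is relative unless it begins with '/', so
# everything else is prefixed with the real cwd, not $ENV{PWD}.
sub safe_commandline {
    my ($script, @args) = @_;
    $script = File::Spec->catfile(getcwd(), $script) unless $script =~ m{\A/};
    return [ map { untaint_arg($_) } $script, @args ];
}

# Usage: the result can be handed straight to exec @{ ... } under -T.
my $cmd = safe_commandline($0, @ARGV);
print join(' ', @$cmd), "\n";
```

Note that getcwd() is used only as the prefix for relative paths and the combined string is still passed through untaint_arg, so the whitelist is what makes the value clean, not the source it came from.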
Subject: Net-Server.patch
--- /usr/local/lib/perl5/site_perl/5.8.7/Net/Server.pm.orig Mon Dec 5 22:13:04 2005
+++ /usr/local/lib/perl5/site_perl/5.8.7/Net/Server.pm Mon Jan 16 16:26:49 2006
@@ -133,6 +133,7 @@
### see if we can find the full command line
if (open _CMDLINE, "/proc/$$/cmdline") { # unix specific
my $line = do { local $/ = undef; <_CMDLINE> };
+ ($line) = $line =~ /^(.*)$/; # untaint
close _CMDLINE;
if ($line) {
return [split /\0/, $line];
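Review bot: the untaint at `+ ($line) = $line =~ /^(.*)$/;` fails silently when the command line contains a newline, because `.` does not match `\n` without `/s`; the list assignment then leaves `$line` undef, the `if ($line)` check below falls through, and the server quietly re-execs from `$0` instead of its real command line. Use `m{\A(.*)\z}s` (or better, a whitelist character class) so the match covers the whole buffer, and consider dying on a failed match rather than falling back. As written the capture validates nothing and only flags the data as clean, which is defensible here solely because /proc/$$/cmdline is the process's own command line.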
@@ -140,7 +141,8 @@
}
my $script = $0;
- $script = $ENV{'PWD'} .'/'. $script if $script =~ m|^\.+/| && $ENV{'PWD'}; # add absolute to relative
+ $script = $ENV{'PWD'} .'/'. $script if $script !~ m|^\//| && $ENV{'PWD'}; # add absolute to relative
+ ($script) = $script =~ /^(.*)$/; # untaint
return [ $script, @ARGV ]
}
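Review bot: the new test `$script !~ m|^\//|` does not do what the comment says. Inside `m|...|` the pattern is `^\//`, a literal `/` followed by a second `/`, so it only recognises paths beginning with `//`; an ordinary absolute path such as `/usr/local/bin/script` fails the match and gets `$ENV{'PWD'}` prepended, yielding `$PWD//usr/local/bin/script`. It should read `$script !~ m|^/|`. Two further points on the same lines: `$ENV{'PWD'}` is caller-controlled and tainted, and the blanket `($script) = $script =~ /^(.*)$/;` on the next line launders it straight into the exec path, so prefer `Cwd::getcwd()` and a whitelist match over `/^(.*)$/`; and, as in the first hunk, `.` without `/s` stops at a newline, so a `$script` containing one would leave `$script` undef after the untaint.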