Danger! mailbrowse.pl
I think you folks ought to consider pulling Tim Pozar's Perl
script, or adding a warning (and disclaimer?). There are some serious
security problems with it. I've sent Tim some suggestions, and expected him
to send you a new script, but if anyone puts that baby on their server as-is,
they're asking for trouble.
Ciao,
Peter Watkins
pwatkins@george.ama-assn.org
Peter,
As you know, the problem with the original script is that it lets you
pass arbitrary data to the system. While Randal Schwartz asserts that the
entire script could and should be rewritten in 15 lines or less using LWP::Simple,
Lincoln Stein offers two solutions.
You could just meta-escape all nonword characters with something like
this:
$safer_url = "\Q$url";
$safer_url will now have backslashes in front of all metacharacters,
and will no longer be vulnerable to shell interpretation. An even better way
would be to use the list form of exec(); that is:
system "/usr/bin/lynx ",$url;
rather than system
"/usr/bin/lynx $url";
We've passed this information along to Tim Pozar, and a modified script
(
|
