Taint mode

 
Post new topic   Reply to topic    Aprelium Forum Index -> Perl
View previous topic :: View next topic  
Author Message
Stumped
Guest





PostPosted: Sat Oct 19, 2002 5:05 pm    Post subject: Taint mode Reply with quote

I've tried unsuccessfully to use the taint mode with scripts by adding -T to the shebang line and including regular expressions to untaint incoming data. The scripts fail and I have a message in the error log that it's "too late for -T option." Do the cgi parameters need to be set differently or is there some other solution? Thanks...
Back to top
aprelium
-


Joined: 22 Mar 2002
Posts: 6800

PostPosted: Sat Oct 19, 2002 11:58 pm    Post subject: Re: Taint mode Reply with quote

Stumped wrote:
I've tried unsuccessfully to use the taint mode with scripts by adding -T to the shebang line and including regular expressions to untaint incoming data. The scripts fail and I have a message in the error log that it's "too late for -T option." Do the cgi parameters need to be set differently or is there some other solution? Thanks...

What system are you using (Linux/Windows) ?
Second how do you have CGI set up ? Do you have Perl associated to an extension ? Or do it rely entirely on the #! line ?
We've found an FAQ about the taint mode which may help at http://gunther.web66.com/FAQS/taintmode.html .
_________________
Support Team
Aprelium - http://www.aprelium.com
Back to top View user's profile Send private message Send e-mail
stumped
Guest





PostPosted: Sun Oct 20, 2002 5:36 am    Post subject: RE: Taint Mode Reply with quote

Thanks for pointing me in the right direction. I had read the Gunther article, but missed the answer. All I had to do was change the shebang line to read as follows:

#!c:\per\bin\perl.exe -T

C is where I have PERL installed on my system. By the way, I have Windows OS. Also, it appears that I didn't need to change CGI parameter settings to "resolve interpreter using script's #! line." I left the setting at NO and taint mode seems to work fine with only the above change to the shebang line. Thank you so much!!
Back to top
aprelium
-


Joined: 22 Mar 2002
Posts: 6800

PostPosted: Sun Oct 20, 2002 9:07 pm    Post subject: Re: RE: Taint Mode Reply with quote

stumped wrote:
Thank you so much!!

Thanks :D
_________________
Support Team
Aprelium - http://www.aprelium.com
Back to top View user's profile Send private message Send e-mail
DLashley
-


Joined: 18 Dec 2002
Posts: 207
Location: New York, NY

PostPosted: Sat Dec 21, 2002 7:18 am    Post subject: Error Messages in "cgi.log"! Reply with quote

I tried setting up one of my scripts in "taint mode" by adding the path to Perl with the -T after it on the first line of the script, but it didn't work. I accessed the cgi.log, and got this error message:


Code:

Can't locate DBI.pm in @INC (@INC contains: C:/Perl/lib C:/Perl/site/lib .) at mysql_setpermission.pl line 27.
BEGIN failed--compilation aborted at mysql_setpermission.pl line 27.
Can't locate DBI.pm in @INC (@INC contains: C:/Perl/lib C:/Perl/site/lib .) at mysql_setpermission.pl line 27.
BEGIN failed--compilation aborted at mysql_setpermission.pl line 27.
Too late for "-T" option at gm.pl line 1.
Too late for "-T" option at gm.pl line 1.
Too late for "-T" option at gm.pl line 1.



What does this mean, and how can I fix it??? :(

Please help. Thanks in advance!
_________________
DLashley
Back to top View user's profile Send private message Visit poster's website
aprelium
-


Joined: 22 Mar 2002
Posts: 6800

PostPosted: Sun Dec 22, 2002 3:46 pm    Post subject: Re: Error Messages in "cgi.log"! Reply with quote

DLashley wrote:
I tried setting up one of my scripts in "taint mode" by adding the path to Perl with the -T after it on the first line of the script, but it didn't work. I accessed the cgi.log, and got this error message:


Code:

Can't locate DBI.pm in @INC (@INC contains: C:/Perl/lib C:/Perl/site/lib .) at mysql_setpermission.pl line 27.
BEGIN failed--compilation aborted at mysql_setpermission.pl line 27.
Can't locate DBI.pm in @INC (@INC contains: C:/Perl/lib C:/Perl/site/lib .) at mysql_setpermission.pl line 27.
BEGIN failed--compilation aborted at mysql_setpermission.pl line 27.
Too late for "-T" option at gm.pl line 1.
Too late for "-T" option at gm.pl line 1.
Too late for "-T" option at gm.pl line 1.



What does this mean, and how can I fix it??? :(

Please help. Thanks in advance!

The workaround is already described above. Just be sure that Abyss Web Server uses the #! line to resolve the interpreter of the script (See the CGI Parameters.)
_________________
Support Team
Aprelium - http://www.aprelium.com
Back to top View user's profile Send private message Send e-mail
DLashley
-


Joined: 18 Dec 2002
Posts: 207
Location: New York, NY

PostPosted: Sun Dec 22, 2002 8:42 pm    Post subject: Reply with quote

Ok, so I'm not 100% sure about this, but I think the error message is saying that I've got to install this Perl module (DBI.pm) into either of the 2 locations mention above to stop getting that error message, right? :?

Please confirm if I'm right, and I promise to stop bothering you. lol.

I already have my CGI Parameters setup to resolve scripts with the #! line in the script, and my path to Perl is set to "#!C:\Perl\bin\perl.exe" - which is correct.

Thank you so much for helping me! :D
_________________
DLashley
Back to top View user's profile Send private message Visit poster's website
DLashley
-


Joined: 18 Dec 2002
Posts: 207
Location: New York, NY

PostPosted: Sun Dec 22, 2002 10:22 pm    Post subject: Reply with quote

Update: I did some more reading, and found out that ActiveState Perl comes with PPM (Perl Package Manager). I ran "ppm.bat" and it started PPM for me in a DOS window. I then used the command:

install dbi

install dbi y/n? y

It then connected to the Internet, downloaded and installed DBI.pm for me, and guess what??? NO more error messages in my cgi.log! I'll try using the -T (Taint mode) again later on. I've gotta force myself to get offa this thing and go eat now. lol

Not bad for a newbie, huh? :mrgreen:
_________________
DLashley
Back to top View user's profile Send private message Visit poster's website
aprelium
-


Joined: 22 Mar 2002
Posts: 6800

PostPosted: Mon Dec 23, 2002 1:16 am    Post subject: Reply with quote

DLashley wrote:
Update: I did some more reading, and found out that ActiveState Perl comes with PPM (Perl Package Manager). I ran "ppm.bat" and it started PPM for me in a DOS window. I then used the command:

install dbi

install dbi y/n? y

It then connected to the Internet, downloaded and installed DBI.pm for me, and guess what??? NO more error messages in my cgi.log! I'll try using the -T (Taint mode) again later on. I've gotta force myself to get offa this thing and go eat now. lol

Not bad for a newbie, huh? :mrgreen:

Not bad... You are doing what some programmers call "try and learn"... :D
_________________
Support Team
Aprelium - http://www.aprelium.com
Back to top View user's profile Send private message Send e-mail
DLashley
-


Joined: 18 Dec 2002
Posts: 207
Location: New York, NY

PostPosted: Tue Dec 24, 2002 2:58 am    Post subject: Reply with quote

I sure am. lol.

Well, I've managed to get Abyss, Perl, PHP, and MySQL up and running error-free, but even though phpMyAdmin isn't giving me any error messages any more, I tried to install this PHP/MySQL script last night, and got a bunch of error messages on the output page. lol.

The error messages I got lead me to believe that I don't have either my phpMyAdmin configuration file or the MySQL configuration file setup correctly. It's got to be one or both of them.

Oh well, back to the drawing board... :?
_________________
DLashley
Back to top View user's profile Send private message Visit poster's website
beehive
-


Joined: 04 Jun 2003
Posts: 1

PostPosted: Wed Jun 04, 2003 6:50 am    Post subject: having problems with -T Reply with quote

Hi,

I'm getting the "too late for -t option" error as well. I changed the shebang line to #!C:\Perl\bin\perl.exe which is right for my path and tried changing the abyss config to use the first line as the interpreter path but I'm still getting that error. (If I take out the -T there's no errors.) Is there something I've missed?

Thanks a lot
Back to top View user's profile Send private message
Display posts from previous:   
Post new topic   Reply to topic    Aprelium Forum Index -> Perl All times are GMT + 1 Hour
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum


Powered by phpBB phpBB Group