Question

I am trying to use taint mode. I want to open a file based on user input and read data from it. Below is my code:

#!/usr/bin/perl -w
use strict;
use warnings;

my $name = $ARGV[0];
my $file = "/Desktop/data/$name";

open MYFILE, "$file" or die $!;


while (<MYFILE>) {
    chomp;
    print "$_\n";
}
close(MYFILE);

case 1) When I run file using perl -w filename.pl input.txt I am able to read data from the file.

case 2) When I change the

#!/usr/bin/perl -w
to
#!/usr/bin/perl -T

and run the file using perl -T filename.pl input.txt I am still able to read the data.

case 3) When I change the file to open in write mode and run in tainted mode, I get the correct output:

Insecure dependency in open while running with -t switch at test1.pl line 8.

What might be the issue with the case two scenario? Or is that correct behavior?

Is it allowed to open a file in taint mode for reading?


Solution

This is correct behaviour for taint mode. The documentation specifies:

You may not use data derived from outside your program to affect something else outside your program--at least, not by accident.

[...]

$arg = shift; # $arg is tainted

[...]

If you try to do something insecure, you will get a fatal error saying something like "Insecure dependency" or "Insecure $ENV{PATH}".

(edit: missed some stuff):

Tainted data may not be used directly or indirectly in any command that invokes a sub-shell, nor in any command that modifies files, directories, or processes, with the following exceptions:

  • Arguments to print and syswrite are not checked for taintedness.

(This is why the read-mode example doesn't complain about the file data.)

Command-line arguments are potentially insecure, and so are tainted until specified otherwise.

To determine whether data is tainted:

To test whether a variable contains tainted data, and whose use would thus trigger an "Insecure dependency" message, you can use the tainted() function of the Scalar::Util module, available in your nearby CPAN mirror, and included in Perl starting from the release 5.8.0.

To untaint data:

[...]the only way to bypass the tainting mechanism is by referencing subpatterns from a regular expression match. Perl presumes that if you reference a substring using $1, $2, etc., that you knew what you were doing when you wrote the pattern. That means using a bit of thought--don't just blindly untaint anything, or you defeat the entire mechanism. It's better to verify that the variable has only good characters (for certain values of "good") rather than checking whether it has any bad characters. That's because it's far too easy to miss bad characters that you never thought of.

(with a warning for use locale):

If you are writing a locale-aware program, and want to launder data with a regular expression containing \w, put no locale ahead of the expression in the same block. See SECURITY in perllocale for further discussion and examples.

Other tips

This prevents the following from wiping out your hard drive:

perl script.pl '| rm -rf /'

Solution: Use the form of open that only accepts a file name.

open(my $fh, '<', $ARGV[0]) or die $!;
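
The untainting step quoted from the documentation in the first answer and the three-argument open from the tip above, combined as an added example (not code from either poster). The `launder_name` helper, the allowed character set and the 64-character limit are assumptions chosen for illustration; the directory is the one from the question.

```perl
#!/usr/bin/perl -T
# Added example, not code from the posts above. Run as: perl -T script.pl NAME
use strict;
use warnings;
use Scalar::Util qw(tainted);

# Directory taken from the question; it is a literal, so it is not tainted.
my $DATA_DIR = '/Desktop/data';

# Hypothetical helper: return an untainted base name, or nothing if the
# input does not match the allowlist.
sub launder_name {
    my ($raw) = @_;
    return unless defined $raw;
    # Allowlist of "good" characters rather than a blocklist of bad ones:
    # ASCII letters, digits, "_", "." and "-", starting with a letter or
    # digit, at most 64 characters (an arbitrary limit for this example).
    # "/" is not in the set, so the name cannot point outside $DATA_DIR,
    # and \A ... \z anchor the whole string so a trailing newline fails.
    if ($raw =~ /\A([A-Za-z0-9][A-Za-z0-9_.-]{0,63})\z/) {
        return $1;    # a captured subpattern is what clears the taint flag
    }
    return;
}

my $arg = shift @ARGV;
die "usage: perl -T $0 NAME\n" unless defined $arg;
printf "argument tainted:  %s\n", tainted($arg) ? 'yes' : 'no';

my $name = launder_name($arg);
die "rejected file name\n" unless defined $name;
printf "laundered tainted: %s\n", tainted($name) ? 'yes' : 'no';

# Three-argument open: the mode is fixed by the program, so nothing in the
# name can turn the call into a pipe or a write.
my $path = "$DATA_DIR/$name";
open(my $fh, '<', $path) or die "cannot open $path: $!\n";
while (my $line = <$fh>) {
    print $line;
}
close($fh);
```

Because taint mode did not flag the read-mode open in the question, the allowlist is what confines reads to the data directory here.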
License: CC-BY-SA with attribution
Not affiliated with StackOverflow