taint theory question
water
created: 2004-07-02 07:14:38
Hi.

I know you should always use taint when taking data in from a web app, because somewhere down the road that data or data derived from that data might go into a database or a shell script or backticks or something dangerous. Right.

Question (more theory than practice): if you are 100% certain some data from a cgi arg is never going anywhere dangerous, does untainting really do anything? Say you take a value from a script, 'action', and the code does one of three actions based on the value, and has a fall-through 'unknown action attempt' mode. (And the actions are explicit and hardcoded, not &{$action}(@args) insanity, so hacking the form doesn't do anything but get you an unknown mode error.)

I'm sure the right answer is use taint nonetheless -- healthy paranoia -- but I am wondering.

water

Re: taint theory question
created: 2004-07-02 07:50:17
Hi water,

I suppose it's always a good practice to enable taint checking. It provides another layer of security. Also, in reality, most CGI programs are large or will get large eventually and as a result, you can never be 100% certain whether your code is secure.

Re: taint theory question
created: 2004-07-02 09:09:58
In the case that you describe, I'd specifically recommend using taint mode and leaving that incoming data tainted as a reminder that it isn't supposed to be used for anything else.

Re: taint theory question
created: 2004-07-02 10:06:38
"does untainting really do anything?"

No, nothing constructive, if you are CERTAIN about your input.

Aye, there's the rub. You may be certain about your input today. How about 6 months from now? How about after the next person mods the app?

Better safe than sorry. Untaint it, even if you "know" it doesn't need it.
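The scenario from the question and both positions in the replies, as an added example that is not part of the original thread: a hardcoded dispatch on a CGI 'action' parameter run under -T. The three action names, reading the query string from @ARGV instead of a CGI module, and the /tmp log directory in the "six months later" function are assumptions made for the example. Dispatching on the still-tainted value works, because a hash lookup is not a taint-checked operation; the trouble only starts when a later change (here, opening a file named after the action for writing) feeds the raw value to something Perl does check, and the whitelisting regex capture is what actually clears the flag.

```perl
#!/usr/bin/perl -T
# Added example (not from the PerlMonks thread): taint mode and a hardcoded
# action dispatch. Run as:  perl -T taint_demo.pl 'action=view'
# (the -T must be on the command line too, or perl dies with "Too late for -T").
use strict;
use warnings;
use Scalar::Util qw(tainted);

# Standard -T hygiene: a tainted PATH would block any later system()/backticks.
$ENV{PATH} = '/bin:/usr/bin';
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};

# Explicit, hardcoded actions (the "no &{$action}(@args) insanity" case).
# The three names are an assumption for this example.
my %dispatch = (
    view   => sub { "viewing" },
    edit   => sub { "editing" },
    delete => sub { "deleting" },
);

# Dispatch WITHOUT untainting. Using a tainted string as a hash key is not a
# taint-checked operation, so this runs fine under -T and $action stays tainted.
sub run_tainted {
    my ($action) = @_;
    my $code = $dispatch{$action} or return "unknown action attempt";
    return $code->();
}

# Untaint by whitelisting. The regex capture is what lifts the taint flag;
# anything not on the list yields undef instead of a "cleaned" copy.
sub untaint_action {
    my ($action) = @_;
    my ($clean) = $action =~ /^(view|edit|delete)$/;
    return $clean;
}

# Hypothetical "six months later" change by the next maintainer: log each
# action to a file named after it. Opening for write with a tainted filename
# dies with "Insecure dependency in open while running with -T switch";
# the whitelisted value passes. ($dir is an assumption, see usage below.)
sub log_action {
    my ($action, $dir) = @_;
    open my $fh, '>>', "$dir/$action.log" or die "open $dir/$action.log: $!";
    print {$fh} "ran $action\n";
    close $fh;
    return 1;
}

# @ARGV is tainted under -T, so a query string passed there stands in for
# QUERY_STRING/STDIN. split() does not untaint; only a regex capture does.
my $qs = @ARGV ? $ARGV[0] : die "usage: perl -T $0 'action=view'\n";
my %param = map {
    my ($k, $v) = split /=/, $_, 2;
    ($k, defined $v ? $v : '');
} split /&/, $qs;
my $action = exists $param{action} ? $param{action} : '';

printf "raw action %-10s tainted=%d -> %s\n",
    "'$action'", tainted($action) ? 1 : 0, run_tainted($action);

my $clean = untaint_action($action);
if (defined $clean) {
    printf "clean action '%s' tainted=%d\n", $clean, tainted($clean) ? 1 : 0;
    log_action($clean, '/tmp');      # allowed: filename built from untainted data
} else {
    print "unknown action attempt: nothing untainted, nothing logged\n";
}

# Uncomment to watch -T refuse the raw value even though it "looks" safe:
# log_action($action, '/tmp');      # Insecure dependency in open ...
```

Try it with 'action=view' and then with 'action=../etc/passwd': the dispatch itself rejects the second either way, which is the questioner's point, but uncommenting the last line shows that only the untainted value survives the kind of change the replies are worried about. Scalar::Util::tainted() is the quick way to confirm, in a debugger or a test, which variables are still carrying the flag.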

perlmonks.org content © perlmonks.org and husker, kiat, tilly, water

prlmnks.org © 2006 edmund von der burg (eccles & toad)