[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

20000817: varget problem: segmentation fault

This archive contains answers to questions sent to Unidata support through mid-2025. Note that the archive is no longer being updated. We provide the archive for reference; many of the answers presented here remain technically correct, even if somewhat outdated. For the most up-to-date information on the use of NSF Unidata software and data services, please consult the Software Documentation first.


  • Subject: 20000817: varget problem: segmentation fault
  • Date: Thu, 17 Aug 2000 08:55:06 -0600

Bill,

>Date: Wed, 16 Aug 2000 16:49:04 -0700
>From: "William R Moninger" <address@hidden>
>Organization: NOAA/FSL
>To: Steve Emmerson <address@hidden>
>Subject: Re: 20000816: varget problem: segmentation fault
>Keywords: 200008161736.e7GHaON16062

The above message contained the following:

> talk about obscure!  It looks like the problem was caused by perl's
> Taint flag (always a good thing to use).

I have to admit, I've never used the "taint" flag.

My perl manual page says this about the "taint" flag:

     -T   forces "taint" checks to be turned on so you can test
          them.  Ordinarily these checks are done only when
          running setuid or setgid.  It's a good idea to turn
          them on explicitly for programs that run on behalf of
          someone else whom you might not necessarily trust, such
          as CGI programs or any internet servers you might write
          in Perl.  See the perlsec manpage for details.  ...

Are you executing the perl script setuid or setgid?

> The $filename variable was tainted because it was made up of variables
> that included $ARG[m].  Apparently some of the netCDF routines don't
> care about tainted variables, but ncvarget does.
> 
> When I untaint the variable as follows:
>     # untaint the filename
>     $filename =~ /(.*)/;
>     $filename = $1;
> 
> the problem seems to go away.  It also goes away if I remove the taint
> flag.  
> 
> I'm not certain this is the end of the problem--I recall having a
> similar problem in an earlier perl script that used the netCDF module
> and I made that disappear by adding a few no-op lines of code.  (That
> wasn't a solution I was very happy with.)  
> 
> I wonder if you can duplicate this on your installation?

I can try, but I don't know when I'll get around to it.

Regards,
Steve Emmerson   <http://www.unidata.ucar.edu>