Open dinak99 opened 4 years ago
Thanks! Does it happen when you untaint the value being passed in?
Can you post a simplest-case reproduction case? Like a one liner for example.
Yes, even if I untaint it. It's is due to that the module gets the working directory inside itself.
An example: $ mkdir -p a/b $ perl -MFile::Copy::Recursive=rmove -Twe 'rmove("a","c")'
Ah, sorry! Notice that I'm using OpenBSD 6.6. Which uses the file Recursive.pm version:
$VERSION = '0.44';
$ perl -v This is perl 5, version 28, subversion 2 (v5.28.2) built for amd64-openbsd
We have ran into this issue. The code was working properly in version 0.38 on Debian 9. Then was ported to Rhel 8.7 with 0.40 and then updated via cpan to 0.45. Both 0.40 and 0.45 exhibit this issue even with sanitized data. We are on perl 5, version 26, subversion 3.
Let me know if you need additional information.
In file Recursive.pm at p5-File-Copy-Recursive.
I always use taint mode and now I'm getting: "Insecure dependency in chdir while running with -T switch at /usr/local/libdata/perl5/site_perl/File/Copy/Recursive.pm line 414."
Seems the variable $starting_point isn't sanitized.