codec

Reputation: 8806

Vulnerabilities with open file

I am using the following code to open a file and write in it.

my $WlmScriptReportFile = "WlmScriptReport.out";
open (my $fh, '>',$WlmScriptReportFile) or die "Could not open report file $WlmScriptReportFile";

But this is detected as vulnerable (PrivilegeEscalation) by the scanning tool I am using. I read some posts about this, but this looks valid to me. Any pointers on what is wrong with this?

Upvotes: 0

Views: 382

Answers (1)

ikegami

Reputation: 385897

That command can be used to replace or clobber any file to which the process's user has sufficient access, or to create a file in any directory to which the process's user has sufficient access. This has all kinds of ramifications.

If the value of $WlmScriptReportFile is constructed in part or in whole from values outside of the control of the user as which the program is running (potentially including the Current Work Directory), then the command could potentially be used maliciously.

Upvotes: 4
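
One way to open the report file so that it cannot replace an existing file and does not depend on the current working directory, as an added example that is not part of the original question or answer. The helper name `open_report` and the scratch directory are assumptions for illustration, and `O_NOFOLLOW` assumes a POSIX system where Fcntl provides it.

```perl
use strict;
use warnings;
use Fcntl qw(O_WRONLY O_CREAT O_EXCL O_NOFOLLOW);
use File::Spec;
use File::Temp qw(tempdir);

# open_report is a hypothetical helper, not part of the original post.
sub open_report {
    my ($dir, $name) = @_;

    # Do not depend on the current working directory.
    die "report directory must be absolute: $dir\n"
        unless File::Spec->file_name_is_absolute($dir);
    # Accept a bare file name only: no separators, no leading dot.
    die "unexpected report name: $name\n"
        unless $name =~ /\A[A-Za-z0-9][A-Za-z0-9._-]*\z/;

    my $path = File::Spec->catfile($dir, $name);

    # O_CREAT|O_EXCL: create the file, fail if anything already exists there
    #                 (open with '>' would truncate it instead).
    # O_NOFOLLOW:     refuse a symbolic link as the last path component.
    # 0600:           owner read/write only, further limited by umask.
    sysopen(my $fh, $path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600)
        or die "Could not create report file $path: $!\n";
    return $fh;
}

# Constructed demonstration in a private scratch directory.
my $dir = tempdir(CLEANUP => 1);

my $fh = open_report($dir, 'WlmScriptReport.out');
print {$fh} "report line\n";
close($fh) or die "close failed: $!\n";

# Each of these must be refused rather than overwrite or escape $dir.
for my $name ('WlmScriptReport.out', '../WlmScriptReport.out') {
    my $opened = eval { open_report($dir, $name); 1 };
    print $opened ? "opened $name\n" : "refused $name: $@";
}
```

If the report is meant to be overwritten on each run, the `O_EXCL` check has to be replaced by writing to a new file in a directory only the process's user can write to and renaming it into place.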
