Hi List
I am running a CGI-Script that should write a file to a remote FTP-Server.
$SAFE - level is set to 1
Ruby’s version is 1.6.7 (2002-03-01) [i686-linux]
Here’s (in short) what I am trying to do
#!/usr/bin/env ruby
$SAFE = 1
require “net/ftp”
ftp = Net::FTP.new(“62.12.133.20”, “test”, “test”)
ftp.puttextfile(“test/data/0103.txt”, “somefile.txt”)
Here’s what I get
ruby ./test.rb
/usr/local/lib/ruby/1.6/net/ftp.rb:175:inopen': Insecure operation - open (SecurityError) from /usr/local/lib/ruby/1.6/net/ftp.rb:175:in
makeport’
from /usr/local/lib/ruby/1.6/net/ftp.rb:209:intransfercmd' from /usr/local/lib/ruby/1.6/net/ftp.rb:328:in
storlines’
from /usr/local/lib/ruby/1.6/net/ftp.rb:327:inmon_synchronize' from /usr/local/lib/ruby/1.6/net/ftp.rb:327:in
storlines’
from /usr/local/lib/ruby/1.6/net/ftp.rb:413:in `puttextfile’
from ./test.rb:7
I’ve tracked my Problem down to TCPsocket.open(host, port).
Both arguments (host, port) are untainted when open is invoked.
However the return value sock has sock.addr[3].tainted? == true
Any suggestions what I could do?
t.i.a.
Hannes