$SAFE and creating New objects (File)

Sorry for the noob question.
I've just installed mod_ruby.

Trying to create a new file and there is an Insecure operation error.

SomeFile = File.new("someFileName", "w")

What must I do then?

SomeFile = File.new("someFileName", "w")

"someFileName" is probably tainted because it came from the outside. You
must *carefully* verify that it's a valid filename and that you can use
the filename *safely* before trying to untaint it.

Guy Decoux

On Tuesday, 18 February 2003, 14:33, \ wrote:

Trying to create a new file and there is an Insecure operation error.
SomeFile = File.new("someFileName", "w")
What must I do then?
Is the filename from GPC (Get/Post/Cookie) origin?

Hello ts,

"someFileName" is probably tainted because it came from the outside. You
must carefully verify that it's a valid filename and that you can use
the filename safely before trying to untaint it.

"someFileName" is generated by me. All operations are safe.
I am writing some of my own data into this file. How can I permit it?

Hello Idan,

Tuesday, February 18, 2003, 5:45:16 PM, you wrote:

Trying to create a new file and there is an Insecure operation error.
SomeFile = File.new("someFileName", "w")
What must I do then?
Is the filename from GPC (Get/Post/Cookie) origin?

yup. From post

"someFileName" is generated by me. All operations are safe.
I am writing some of my own data into this file. How can I permit it?

What is the value of $SAFE ?

How is "someFileName" generated? Can you post the script?

Guy Decoux

Hi,


In message "Re: $SAFE and creating New objects (File)" on 03/02/18, "RayZ" Andrew V Rumm rayz@gloria-jeans.ru writes:

"someFileName" is generated by me. All operations are safe.
I am writing some of my own data into this file. How can I permit it?

Show us the code and exact error messages.

						matz.

Can I upload any files elsewhere?
Any examples, please?

ts,

What is the value of $SAFE ?
$SAFE → 1
How is "someFileName" generated? Can you post the script?
But... it's too big :-)

#!/bhome/part2/01/gloria/ruby/bin/ruby

require 'mysql'
require 'cgi'
require 'templates'
require '…/site/global'
require '…/site/image'

cgi = CGI.new

action = cgi['action'][0].read.to_s
ImagesDir = ""

case action
when 'add'
begin
category_id = cgi['category'][0].read

	sql = makeSQLconn()
		brand_id = sql.query("select brand_id from g_categories where id = #{category_id}").fetch_hash['brand_id'].to_i
	sql.close

	name =  cgi['name'][0].read
	description = cgi['description'][0].read

	if cgi.has_key? 'new'
		new_val = cgi['new'][0].read
		new = new_val == "on" ? 1 : 0
	else
		new = 0
	end
	Imagefile = cgi['image_file'][0].read
	Thumbfile = cgi['thumbnail_file'][0].read
	
	ImagesDir = DocumentRoot + "/images/models/images/"
	ThumbDir = DocumentRoot + "/images/models/thumbnails/"

	ImagecounterFile = File.new(ImagesDir + "count.txt", "r+")
	ThumbcounterFile = File.new(ThumbDir + "count.txt", "r+")

	newImageFilename = ImagecounterFile.read.strip.to_s.succ
	newThumbFilename = ThumbcounterFile.read.strip.to_s.succ

	ImagecounterFile.close()
	ThumbcounterFile.close()
	
	ImagecounterFile = File.new(ImagesDir + "count.txt", "w") 
	ThumbcounterFile = File.new(ThumbDir + "count.txt", "w") 

	ImagecounterFile.write(newImageFilename)
	ThumbcounterFile.write(newThumbFilename)
	ImagecounterFile.close()
	ThumbcounterFile.close()
	
	i_type, i_width, i_height, i_extension = []
	t_type, t_width, t_height, t_extension = []
	
	image = Image::Info.new Imagefile
	thumb = Image::Info.new Thumbfile
	
	i_type, i_width, i_height, i_extension = image.type, image.width, image.height, image.extension
	t_type, t_width, t_height, t_extension = thumb.type, thumb.width, thumb.height, thumb.extension

	i_path = "/images/models/images/" + newImageFilename + i_extension
	t_path = "/images/models/thumbnails/" + newThumbFilename + t_extension
	
	newImageF

Can I upload any files elsewhere?
Any examples, please?

Well, if you want to speak about multipart form values in cgi, you have in
the documentation

=== GET MULTIPART FORM VALUES

  require "cgi"
  cgi = CGI.new
  values = cgi['field_name'] # <== array of 'field_name'
  values[0].read # <== body of values[0]
  values[0].local_path # <== path to local file of values[0]
  values[0].original_filename # <== original filename of values[0]
  values[0].content_type # <== content_type of values[0]

and values[0] has StringIO or Tempfile class methods.

Guy Decoux

Well... it's cut.
Other code doesn't matter.

This is an error message:

/bhome/part2/01/gloria/vcgi/_admin/processmodel.rb:68:in `initialize': Insecure operation - initialize (SecurityError)
        from /bhome/part2/01/gloria/vcgi/_admin/processmodel.rb:68:in `new'
        from /bhome/part2/01/gloria/vcgi/_admin/processmodel.rb:68
        from /bhome/part2/01/gloria/ruby/lib/ruby/1.6/apache/ruby-run.rb:70:in `load'
        from /bhome/part2/01/gloria/ruby/lib/ruby/1.6/apache/ruby-run.rb:70:in `handler'
        from ruby:0

Error at
newImageFile = File.new(ImagesDir + newImageFilename + i_extension, "w")


“RayZ” Andrew V Rumm, web-developer, rayz@gloria-jeans.ru, icq #620578


    newImageFilename = ImagecounterFile.read.strip.to_s.succ
    newThumbFilename = ThumbcounterFile.read.strip.to_s.succ

These 2 Strings are tainted, they are read from a file.

Normally you need a lock, or your counter can have problems.

Guy Decoux
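The two replies above say what is tainted (the counter values read from a file) and what to do about it (verify the filename before untainting it). The following is an added example, not code from the thread or from the poster's script: it applies that check to the three pieces the failing File.new concatenates. Under $SAFE = 1 a string read from a file or from CGI input is tainted and File.new refuses it, so the Ruby 1.6 script would call .untaint on each piece only after such a check passed. Taint tracking was removed in Ruby 3.2, so this version keeps the checks and omits the untaint calls. The extension allow-list, the 32-character limit and the helper names are assumptions of this example.

```ruby
# Added example (not code from the thread): validate the counter name and
# extension before they become part of a path under the images directory.
# Under $SAFE = 1 (Ruby 1.6/1.8) each piece would be .untaint-ed only after
# passing these checks; the untaint step is omitted here because taint
# tracking was removed in Ruby 3.2.
ALLOWED_EXTENSIONS = %w[.jpg .jpeg .gif .png].freeze   # assumed allow-list

class UnsafePath < StandardError; end

# A counter value produced by String#succ on "000"-style names is only ever
# ASCII letters and digits; anything else did not come from our counter.
def validate_counter_name(name)
  unless name.is_a?(String) && name.match?(/\A[A-Za-z0-9]{1,32}\z/)
    raise UnsafePath, "bad counter value #{name.inspect}"
  end
  name
end

# The extension comes from the image parser, which read bytes uploaded by
# the client, so it is checked against an allow-list rather than trusted.
def validate_extension(ext)
  normalized = ext.to_s.downcase
  unless ALLOWED_EXTENSIONS.include?(normalized)
    raise UnsafePath, "unexpected extension #{ext.inspect}"
  end
  normalized
end

# Builds the target path and refuses anything that would land outside
# images_dir, even if one of the checks above were ever loosened.
def safe_image_path(images_dir, counter_name, ext)
  base = File.expand_path(images_dir)
  file = validate_counter_name(counter_name) + validate_extension(ext)
  path = File.expand_path(file, base)
  unless path.start_with?(base + File::SEPARATOR)
    raise UnsafePath, "#{path} escapes #{base}"
  end
  path
end

# In the thread's script (Ruby 1.6, $SAFE = 1) the failing line would become:
#   target = safe_image_path(ImagesDir, newImageFilename, i_extension)
#   newImageFile = File.new(target.untaint, "w")
```

The point of the last check is that untainting is a statement that you have verified the value; the regexp and the allow-list are that verification, and the prefix check on the expanded path is a second line of defence that costs nothing.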

category_id = cgi['category'][0].read

sql = makeSQLconn()
brand_id = sql.query("select brand_id from g_categories where id = #{category_id}").fetch_hash['brand_id'].to_i
sql.close

name = cgi['name'][0].read
description = cgi['description'][0].read

if cgi.has_key? 'new'
new_val = cgi['new'][0].read
new = new_val == "on" ? 1 : 0
else
new = 0
end
Imagefile = cgi['image_file'][0].read
Thumbfile = cgi['thumbnail_file'][0].read

ImagesDir = DocumentRoot + "/images/models/images/"
ThumbDir = DocumentRoot + "/images/models/thumbnails/"

ImagecounterFile = File.new(ImagesDir + "count.txt", "r+")
ThumbcounterFile = File.new(ThumbDir + "count.txt", "r+")

newImageFilename = ImagecounterFile.read.strip.to_s.succ
newThumbFilename = ThumbcounterFile.read.strip.to_s.succ

ImagecounterFile.close()
ThumbcounterFile.close()

ImagecounterFile = File.new(ImagesDir + "count.txt", "w")
ThumbcounterFile = File.new(ThumbDir + "count.txt", "w")

ImagecounterFile.write(newImageFilename)
ThumbcounterFile.write(newThumbFilename)
ImagecounterFile.close()
ThumbcounterFile.close()

i_type, i_width, i_height, i_extension = []
t_type, t_width, t_height, t_extension = []

image = Image::Info.new Imagefile
thumb = Image::Info.new Thumbfile

i_type, i_width, i_height, i_extension = image.type, image.width, image.height, image.extension
t_type, t_width, t_height, t_extension = thumb.type, thumb.width, thumb.height, thumb.extension

i_path = "/images/models/images/" + newImageFilename + i_extension
t_path = "/images/models/thumbnails/" + newThumbFilename + t_extension

#-------------- This Line causes An Error
newImageFile = File.new(ImagesDir + newImageFilename + i_extension, "w")
newThumbFile = File.new(ThumbDir + newThumbFilename + t_extension, "w")

newImageFile.write(Imagefile)
newThumbFile.write(Thumbfile)
newImageFile.close()
newThumbFile.close()

newImageFilename = ImagecounterFile.read.strip.to_s.succ
newThumbFilename = ThumbcounterFile.read.strip.to_s.succ

These 2 Strings are tainted, they are read from a file.
Normally you need a lock, or your counter can have problems.
Counter works properly…
Lock?

Hi,


In message "Re: $SAFE and creating New objects (File)" on 03/02/19, "RayZ" Andrew V Rumm rayz@gloria-jeans.ru writes:

/bhome/part2/01/gloria/vcgi/_admin/processmodel.rb:68:in `initialize': Insecure operation - initialize (SecurityError)
        from /bhome/part2/01/gloria/vcgi/_admin/processmodel.rb:68:in `new'
        from /bhome/part2/01/gloria/vcgi/_admin/processmodel.rb:68
        from /bhome/part2/01/gloria/ruby/lib/ruby/1.6/apache/ruby-run.rb:70:in `load'
        from /bhome/part2/01/gloria/ruby/lib/ruby/1.6/apache/ruby-run.rb:70:in `handler'
        from ruby:0

Error at
newImageFile = File.new(ImagesDir + newImageFilename + i_extension, "w")

This implies that one of ImagesDir, newImageFilename or i_extension is
tainted. I can't tell further.

						matz.

Counter works properly...
Lock?

This is for the case where 2 CGI scripts try to read/write the same counter
file at the same time.

The file can be corrupted; you must normally use a lock.

pigeon% ri File#flock
------------------------------------------------------------- File#flock
     file.flock ( aLockingConstant ) -> 0 or false

------------------------------------------------------------------------
     Locks or unlocks a file according to aLockingConstant (a logical or
     of the values in Table 22.4 on page 312). Returns false if
     File::LOCK_NB is specified and the operation would otherwise have
     blocked. Not available on all platforms.
        File.new("testfile").flock(File::LOCK_UN) #=> 0

pigeon%

Guy Decoux
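The ri entry above shows the primitive; what follows is an added example, not code from the thread, of how the poster's counter could use it. The script opens count.txt, reads the value, closes it, reopens it with "w" and writes the successor, so two requests arriving together can both read the same value and be handed the same image name, and a reader can see a half-written file. Holding File::LOCK_EX from the read through the rewrite closes that window. The function name, the "000" starting value for a missing counter file and the thread count in the driver are assumptions of this example.

```ruby
# Added example (not code from the thread): a counter file updated under an
# exclusive flock, replacing the script's read / close / reopen-"w" / write
# sequence, which has no lock at all.
require 'tmpdir'

# Allocates the next name from the counter file and persists it, all while
# holding an exclusive lock. A missing or empty file starts at "000" (assumed
# starting value), so the first name handed out is "001". Returns the name.
def next_counter_name(counter_path, initial = "000")
  File.open(counter_path, File::RDWR | File::CREAT, 0644) do |f|
    f.flock(File::LOCK_EX)                   # blocks until other holders are done
    current = f.read.strip
    current = initial.dup if current.empty?  # fresh counter file
    next_name = current.succ                 # "009" -> "010", "999" -> "1000"
    f.rewind
    f.truncate(0)
    f.write(next_name)
    f.flush
    next_name                                # lock released when the block closes f
  end
end

# Drives the allocator from several threads at once and returns every name
# handed out; with the lock in place they are all distinct and the file ends
# at the last one. Each thread opens its own descriptor, so flock arbitrates
# between them exactly as it would between separate CGI processes.
def allocate_concurrently(counter_path, threads: 4, per_thread: 25)
  names = Queue.new
  workers = Array.new(threads) do
    Thread.new { per_thread.times { names << next_counter_name(counter_path) } }
  end
  workers.each(&:join)
  Array.new(names.size) { names.pop }
end

if __FILE__ == $0
  Dir.mktmpdir do |dir|
    path = File.join(dir, "count.txt")          # constructed temporary counter file
    names = allocate_concurrently(path)
    puts "#{names.size} names, #{names.uniq.size} unique, file now holds #{File.read(path)}"
  end
end
```

Note that the lock has to cover the whole read-modify-write; locking only the read or only the write leaves the same race the original code has. The value read under the lock is still a string that came from a file, so it is still subject to the validation discussed earlier in the thread before it is used in a path.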