Security aware programming(10)

• Format string example:

• #!/usr/bin/perl -T

• $ENV{'PATH'} = "/bin:/usr/bin";

• $v0 = shift; $v1 = shift; $v2 = "bar";

• printf($v0, $v1, $v2);

• printf("\nv2 = %s\n", $v2);

• $ ./taint-format.pl '%s%s' foo

• foobar

• v2 = bar

• $ ./taint-format.pl '%s%n' foo

• foo

• v2 = 3 # v2 is now tainted (if -T)