{"description": "If the <tt>mod_perl</tt> module is installed, enable Perl Taint checking in\n<tt>/etc/httpd/conf/httpd.conf</tt>. To enable Perl Taint\nchecking, add or uncomment the following to <tt>/etc/httpd/conf.d/perl.conf</tt>:\n<pre>PerlSwitches -T</pre>", "rationale": "PERL (Practical Extraction and Report Language) is an interpreted language\noptimized for scanning arbitrary text files, extracting information from those\ntext files, and printing reports based on that information. The language is\noften used in shell scripting and is intended to be practical, easy to use, and\nefficient means of generating interactive web pages for the user. Unfortunately,\nmany widely available freeware PERL programs (scripts) are extremely insecure.\nThis is most readily accomplished by a malicious user substituting input to a\nPERL script during a POST or a GET operation.\n<br /><br />\nConsequently, the founders of\nPERL have developed a mechanism named TAINT that protects the system from\nmalicious input sent from outside the program. When the data is tainted, it\ncannot be used in programs or functions such as eval(), system(), exec(), pipes,\nor popen(). The script will exit with a warning message.", "severity": "medium", "references": {}, "control_references": {}, "components": [], "identifiers": {}, "ocil_clause": "it is not", "ocil": "To verify if the <tt>mod_perl</tt> is installed, run the following command:\n<pre>$ rpm -qa | grep mod_perl</pre>\nIf the <tt>mod_perl</tt> module is installed, verify that <tt>PerlSwitches -T</tt>\nis enabled in <tt>/etc/httpd/conf.d/perl.conf</tt> by running the following\ncommand:\n<pre>$ grep -i \"PerlSwitches -T\" /etc/httpd/conf.d/perl.conf</pre>\nThe output should return uncommented:\n<pre>PerlSwitches -T</pre>", "oval_external_content": null, "fixtext": "", "checktext": "", "vuldiscussion": "", "srg_requirement": "", "warnings": [], "conflicts": [], "requires": [], "policy_specific_content": {}, "platform": null, "platforms": [], "sce_metadata": {}, "inherited_platforms": [], "cpe_platform_names": [], "inherited_cpe_platform_names": [], "bash_conditional": null, "fixes": {}, "title": "Configure HTTP PERL Scripts To Use TAINT Option", "definition_location": "/aptdata/openscap/scap-security-guide/linux_os/guide/services/http/securing_httpd/httpd_configure_perl_securely/httpd_configure_perl_taint/rule.yml", "template": null}