Untainting system calls correctly

by c (Hermit)
on Apr 10, 2002 at 16:12 UTC ( [id://158057]=perlquestion )


  1. or download this
               system "echo $arg";         # Insecure
               system "/bin/echo", $arg;   # Secure (doesn't use sh)
    ...
    
               $path = $ENV{'PATH'};       # $path now NOT tainted
               system "echo $data";        # Is secure now!
    
  2. or download this
    system "/usr/sbin/useradd $cli";
    
  3. or download this
    ## taint environmentals
    $ENV{'PATH'} = "/bin:/usr/sbin";
    ...
      print "CLI is $cli";
    
      system("/usr/sbin/useradd $cli");
    
  4. or download this
    -s "/bin/false" -d "/home/clients/stage.domain.com/testcjm" -G "hosting,domain" testcjm
    

Approved by dws
Front-paged by Maclir