Pod::Usage and Taint Mode

ghenry has asked for the wisdom of the Perl Monks concerning the following question:

Dear all,

Has anyone done a workaround or similar when using Pod::Usage and Taint Mode, with the --man option?

I keep getting on Linux (Fedora Core 5, perl 5.8.8):

Insecure dependency in system while running with -T switch at /usr/lib
+/perl5/5.8.8/Pod/Usage.pm line 547.
[download]

Script code has:

pod2usage( -verbose => 2 ) if $options{man};
[download]

and offending Pod::Usage code is:

539     ## Now translate the pod document and then exit with the desir
+ed status
540     if ( !$opts{"-noperldoc"}
541              and  $opts{"-verbose"} >= 2
542              and  !ref($opts{"-input"})
543              and  $opts{"-output"} == \*STDOUT )
544     {
545        ## spit out the entire PODs. Might as well invoke perldoc
546        my $progpath = File::Spec->catfile($Config{scriptdir}, "per
+ldoc");
547        system($progpath, $opts{"-input"});
548     }
549     else {
550        $parser->parse_from_file($opts{"-input"}, $opts{"-output"})
+;
551     }
552
553
[download]

Thanks,
Gavin.

Walking the road to enlightenment... I found a penguin and a camel on the way.....
Fancy a yourname@perl.me.uk? Just ask!!!

Comment on Pod::Usage and Taint Mode Select or Download Code

Replies are listed 'Best First'.
Re: Pod::Usage and Taint Mode by herveus (Prior) on May 26, 2006 at 11:19 UTC
Howdy! Off the top of my head, I'd suspect $ENV{PATH} as the offending item. I'd try setting $ENV{PATH} (possibly to '' unless you need it elsewhere) to some fixed value to untaint it. yours, Michael	[reply]
Re^2: Pod::Usage and Taint Mode by ghenry (Vicar) on May 26, 2006 at 13:09 UTC
Nah, that's already been done ;-) Here are some quick read links: Pod docs Syntax highlighted HTML For reference, here is the complete program: Read more... (34 kB) The `--man` option is the only thing left to fix. Thanks, Gavin. Walking the road to enlightenment... I found a penguin and a camel on the way..... Fancy a yourname@perl.me.uk? Just ask!!!	[reply] [d/l] [select]
Re^3: Pod::Usage and Taint Mode by mamawe (Sexton) on May 05, 2009 at 14:36 UTC
> The --man option is the only thing left to fix. Excuse me for reviving the thread but I had the same problem today and found a working solution elsewhere on the web that I would like to appear here: `pod2usage({-verbose => 2, -input => \DATA});` [download] or, if called inside a package `pod2usage({-verbose => 2, -input => \::DATA});` [download]	[reply] [d/l] [select]
Re^4: Pod::Usage and Taint Mode by ghenry (Vicar) on May 15, 2009 at 23:16 UTC
Re: Pod::Usage and Taint Mode (%opts) by tye (Sage) on May 26, 2006 at 14:42 UTC
I'd guess you need to untaint $opts{"-input"} before passing it to system. - tye	[reply]
Re: Pod::Usage and Taint Mode by Anonymous Monk on Oct 30, 2011 at 14:41 UTC
Late update: CPAN#29978 covers this, and it is fixed since 1.36. Ob-mention: The CHANGES file also says the package is dead, but I didn't see reference to a replacement for the (very handy) pod2usage	[reply]


Keep It Simple, Stupid
	PerlMonks