Re^4: One true regexp for untainting windows filenames?


Welcome to the Monastery
	PerlMonks

Re^4: One true regexp for untainting windows filenames?

by jaldhar (Vicar)

on Jan 09, 2009 at 19:42 UTC ( [id://735283]=note: print w/replies, xml )

Need Help??

in reply to Re^3: One true regexp for untainting windows filenames?
in thread One true regexp for untainting windows filenames?

To make them safe for what? Most most applications, untaint_path might remove the taint flag, but it doesn't make sure they're safe first.

Safe to use in qx//; in taint mode Earlier, I set $ENV{PATH} to q{}. This means I need to use complete paths to every file or command I use and they need to be untainted to prevent the 'insecure dependency' error.

I had forgotten about argv[0]. Now you have led me to realize that running under -T will not really buying me anything here without additional checking.

Hopefully this conversation will remind others to not complacently assume untainted eq secure if nothing else.

--
જલધર

Comment on Re^4: One true regexp for untainting windows filenames? Select or Download Code

Replies are listed 'Best First'.
Re^5: One true regexp for untainting windows filenames? by ikegami (Patriarch) on Jan 09, 2009 at 19:59 UTC
Safe to use in qx//; in taint mode In such general terms, it's impossible. You can make it so `qx//` doesn't croak, but you can't make it safe. Need more info.	[reply] [d/l]

In Section Seekers of Perl Wisdom

Domain Nodelet^?

www.com | www.net | www.org

Node Status^?

node history
Node Type: note [id://735283]
help

Chatterbox^?

How do I use this? • Last hour • Other CB clients

Other Users^?

Others having an uproarious good time at the Monastery: (3)

As of 2024-04-20 01:11 GMT

Sections^?

Information^?

Find Nodes^?

Leftovers^?

Today I Learned

Voting Booth^?

No recent polls found