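# Assumes this runs under taint mode (perl -T). The echo lines are the
# perlsec(1) illustrations of which system() forms are safe; the useradd
# section below is the code actually under review.
# NOTE(review): there is no `use strict`/`use warnings` here, and
# $arg/$hid/$data/$shell/$home/$group/%formdata are set outside this
# snippet -- under strict every one of them would need a declaration.
system "echo $arg";                  # Insecure: one string, parsed by sh
system "/bin/echo", $arg;            # Secure (list form doesn't use sh)
system "echo $hid";                  # Insecure
system "echo $data";                 # Insecure until PATH set

$path = $ENV{'PATH'};                # $path now tainted (PATH came from the caller)
$ENV{'PATH'} = '/bin:/usr/bin';
delete @ENV{'IFS', 'CDPATH', 'ENV', 'BASH_ENV'};   # all of these change how sh parses
$path = $ENV{'PATH'};                # $path now NOT tainted

system "echo $data";                 # Is secure now! (provided $data itself is untainted)

####
# The form being reviewed: a single interpolated string handed to sh.
# Left as a comment only -- at this point $cli is not yet set, so running it
# would invoke useradd with no arguments.
# system "/usr/sbin/useradd $cli";
####

## taint environmentals
$ENV{'PATH'} = "/bin:/usr/sbin";
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};

## clean up user's name
# Drop everything but [A-Za-z0-9] (this removes spaces too), then keep at
# most 8 characters. The match result is checked on purpose: after a FAILED
# match $1 still holds the capture of the previous successful match, so the
# bare `$x =~ /re/; $x = $1;` idiom silently substitutes stale data.
$formdata{username} =~ s/[^A-Za-z0-9]//g;
if ($formdata{username} =~ /^([A-Za-z0-9]{1,8}).*$/) {
    $formdata{username} = $1;
}
else {
    die "useradd: username is empty after sanitising\n";
}

## validate each useradd argument on its own, then run useradd in LIST form
# Each value may arrive wrapped in double quotes (the old string form needed
# them so that sh kept the value as one word); the quotes are dropped here
# because list-form system() passes every argument verbatim. The anchored
# regexes are the same grammar the old single-line check enforced, split per
# argument, and the captures are the taint-laundering step: only captured
# text is used from here on.
# NOTE(review): \w in these patterns is Unicode-aware; add /a if only ASCII
# domain labels and group names are intended.
my ($shell_arg) = $shell =~ m{^"?(/bin/false)"?$};
my ($home_arg)  = $home  =~ m{^"?(/home/clients/(?:stage\.)?(?:[\w\-]+\.)(?:\w{2,3}\.)?(?:\w{2,4})/[A-Za-z0-9]+)"?$};
my ($group_arg) = $group =~ m{^"?(hosting,[\w\-]+)"?$};
my ($user_arg)  = $formdata{username} =~ m{^([A-Za-z0-9]+)$};

# Refuse to continue instead of running useradd with whatever $1 happened to
# hold. With the old `$cli =~ /^(...)$/; $cli = $1;` a failed match left $1
# equal to the username captured just above, so useradd ran with no -s/-d/-G.
defined $shell_arg or die "useradd: refusing to run, bad shell value\n";
defined $home_arg  or die "useradd: refusing to run, bad home directory value\n";
defined $group_arg or die "useradd: refusing to run, bad group value\n";
defined $user_arg  or die "useradd: refusing to run, bad username value\n";

my @cli = ('-s', $shell_arg, '-d', $home_arg, '-G', $group_arg, $user_arg);
my $cli = join ' ', @cli;            # diagnostic only; this string is never handed to sh
print "CLI is $cli";

# List form: no shell is involved, so quotes, spaces or metacharacters inside
# an argument can never become extra words or commands. The exit status is
# checked as well -- a silent useradd failure is as bad as a bad argument.
system('/usr/sbin/useradd', @cli) == 0
    or die "useradd failed: exit status " . ($? >> 8) . "\n";

####
# What the old string form printed for a valid request (kept for reference):
# -s "/bin/false" -d "/home/clients/stage.domain.com/testcjm" -G "hosting,domain" testcjm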