- or download this
system "echo $arg"; # Insecure
system "/bin/echo", $arg; # Secure (doesn't use sh)
...
$path = $ENV{'PATH'}; # $path now NOT tainted
system "echo $data"; # Is secure now!
- or download this
system "/usr/sbin/useradd $cli";
- or download this
## taint environmentals
$ENV{'PATH'} = "/bin:/usr/sbin";
...
print "CLI is $cli";
system("/usr/sbin/useradd $cli");
- or download this
-s "/bin/false" -d "/home/clients/stage.domain.com/testcjm" -G "hostin
+g,domain" testcjm