in reply to Insecure Environment ?

Anonymous Monk's reference to perlsec is correct:
The PATH isn't the only environment variable which can cause problems. Because some shells may use the variables IFS, CDPATH, ENV, and BASH_ENV, Perl checks that those are either empty or untainted when starting subprocesses.

Likely your singular client is the only one whose shell is setting $ENV{ENV}.

As a secondary note, rather than stashing and restoring values, you can use local to create a lexically dynamically-scoped version of the variable, meaning you don't have to worry about forgetting to restore a value. So maybe you want to write: 

local $ENV{PATH} = '/bin:/usr/bin:/usr/local/bin';

[download]
and $ENV{PATH} will be restored once the sub exits. As it stands, the path is clobbered if your open fails, and this would fix that. Or if you want to be thorough 
local @ENV{qw|PATH IFS CDPATH ENV BASH_ENV|} = '/bin:/usr/bin:/usr/loc
+al/bin';

[download]

#11929 First ask yourself `How would I do this without a computer?' Then have the computer do it the same way.

Replies are listed 'Best First'.
Re^2: Insecure Environment ?
by dave_the_m (Monsignor) on Jul 23, 2014 at 07:55 UTC
    you can use local to create a lexically-scoped version of the variable
    Strictly speaking, local is dynamically scoped rather than lexically scoped.

    Dave.

[reply]

In Section Seekers of Perl Wisdom