in reply to Re^2: Proper and acceptable use of backticks in a modern Perl script
in thread Proper and acceptable use of backticks in a modern Perl script

$ENV{'PATH'} = '/var/www/';

All relevant executables are in /var/www? I HIGHLY doubt that. A safe value for $ENV{'PATH'} is generally /bin:/usr/bin (which is also the default path set by the operating system, i.e. kernel and/or init). If you want to prevent any executable from being run without giving its absolute path, set $ENV{'PATH'} to a non-existing or empty directory.

Alexander

--
Today I will gladly share my knowledge and experience, for there are no sweeter words than "I told you so". ;-)

Re^4: Proper and acceptable use of backticks in a modern Perl script
by Polyglot (Chaplain) on Sep 18, 2023 at 23:29 UTC
    It won't matter what directory it is set to, as long as it is set. The script runs fine. I am giving the full path of the executable in the backticks, so it shouldn't matter. When an "anything goes" directory solves the problem, it shows the futility of the rule, in my opinion. I realize that people will downvote this like they did my other comment about setting the file to anything, but this is the reality of the situation. The script is not using this $ENV{PATH} variable for anything, so being forced to set it, when not using it, is no more secure than if I had not faced such a requirement.

    Blessings,

    ~Polyglot~

      The script is not using this $ENV{PATH} variable for anything...

      Are you sure it's not using it to run sh? Remember, backticks aren't "execute this program", they're "pass this string to sh"; that's why you can just cram all the args together in one string, expect $PATH (the $PATH the shell sees, not perl's var) to affect things, expand shell vars and wildcards, etc.

        You certainly seem unsure. Perhaps you can find out and enlighten us. I suppose you would say that setting $ENV{PATH} will affect everything that Perl does--where it finds its modules, where it runs its "system" command as well, etc. I'm not sure how gullible I am assumed to be to think Perl is so unstable as this would obviously make it. But it does appear that some rather odd things with Perl erasing the $ENV{PATH} crept in post version 5.26. As I said earlier, I've been fortunate (until now) to be on older versions previous to this.

        Blessings,

        ~Polyglot~
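
An added example, not part of the thread: a taint-mode script that checks the two points raised above, namely that the shell started by backticks inherits `$ENV{PATH}`, and that a fixed PATH or a list-form `open` removes the dependency. It assumes a POSIX system with `/bin/sh`, `/bin/echo` and an `ls` in `/bin` or `/usr/bin`; the file name `path_demo.pl` is hypothetical.

```perl
#!/usr/bin/perl -T
# Added example, not code from the thread. Run as: perl -T path_demo.pl
# Assumes a POSIX system with /bin/sh, /bin/echo and ls in /bin or /usr/bin.
use strict;
use warnings;

# 1. With the inherited (tainted) PATH, taint mode refuses backticks even
#    though the command is a constant with an absolute path.
my $out = eval { `/bin/echo hello` };
print "before: ", (defined $out ? "ran: $out" : "refused: $@");

# 2. Set PATH to a known value and drop the other variables the shell
#    honours (the list given in perlsec).
$ENV{PATH} = '/bin:/usr/bin';
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};

# 3. A backtick string containing shell metacharacters is handed to sh -c.
#    The shell expands $PATH itself, and it sees the value set above.
my $seen = `/bin/echo "child PATH is \$PATH"`;
print "after:  $seen";

# 4. List-form piped open never involves a shell: the argument reaches
#    /bin/echo unchanged, metacharacters included.
my $arg = 'literal $PATH; not run';
open(my $fh, '-|', '/bin/echo', $arg) or die "cannot run /bin/echo: $!";
my $literal = <$fh>;
close($fh) or warn "echo exited with status $?";
print "list:   $literal";

# 5. PATH pointing at a non-existing directory: a bare command name can no
#    longer be resolved, while an absolute path still works.
$ENV{PATH} = '/nonexistent';
{
    no warnings 'exec';    # silence "Can't exec" for the expected failure
    my $bare = `ls`;
    print "bare:   ", ($? == 0 ? "ran\n" : "did not run (status $?)\n");
}
my $abs = `/bin/echo still works`;
print "abs:    $abs";
```

Step 1 reports the "Insecure $ENV{PATH}" error; steps 3 and 4 show the difference between a string passed to the shell and an argument list passed straight to the program.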