Re^3: taint mode

What output do you get for perl -V?

Works for me for pretty much any perl 5.8/5.12/5.14/5.16

$ perl -MScalar::Util=tainted -Te " $value = shift; warn tainted $valu
+e; if( $value =~ /^([\w|\s|\/|\-]+)$/ ){ $value =
$1; } die tainted $value; " x123uvw1
1 at -e line 1.
0 at -e line 1.
[download]

Comment on Re^3: taint mode Select or Download Code

Replies are listed 'Best First'.
Re^4: taint mode by McGaida (Initiate) on Mar 17, 2015 at 14:05 UTC
Hallo, as mentioned above the perl version I´m working with is 5.8.4 on a Solaris 10 intel based x64 server. I finished the script with the workaround and it is okay but still not sure what the problem is. The example you posted is working fine, but if I copy paste the code into the "real" script it is not working. Here is the head definition with all the modules needed I suppose that something is not right here: `#!/bin/perl use Cwd; use English; use Sys::Hostname; use locale; use strict; #use warnings; use Time::Local; use Data::Dumper; use Scalar::Util qw(tainted); $ENV{'PATH'} = "/bin:/usr/bin:/usr/sbin"; $ENV{SHELL} = "/bin/sh" if exists $ENV{SHELL}; delete @ENV{qw(IFS CDPATH ENV BASH_ENV)}; # Make %ENV safer` [download] As you can see the taint mode is not enabled be the switch -T, because if you start the tool from command line (only pssible for advanced users) files can be deleted. The standard user will start this by a graphical interface where sgid is set and perl turn on the tainted mode. So for my personal interest if somebody has a glue please post.	[reply] [d/l]
Re^5: taint mode by Anonymous Monk on Mar 19, 2015 at 07:18 UTC
So for my personal interest if somebody has a glue please post. You have the clue, you have the real actual program that you say is misbehaving -- fantastic -- now just copy/paste it, keep deleting stuff until you have 10-20 lines which reproduce the problem	[reply]