in reply to Re^3: taint mode
in thread taint mode
Hallo,
as mentioned above the perl version I´m working with is 5.8.4 on a Solaris 10 intel based x64 server.
I finished the script with the workaround and it is okay but still not sure what the problem is.
The example you posted is working fine, but if I copy paste the code into the "real" script it is not working.
Here is the head definition with all the modules needed I suppose that something is not right here:
#!/bin/perl use Cwd; use English; use Sys::Hostname; use locale; use strict; #use warnings; use Time::Local; use Data::Dumper; use Scalar::Util qw(tainted); $ENV{'PATH'} = "/bin:/usr/bin:/usr/sbin"; $ENV{SHELL} = "/bin/sh" if exists $ENV{SHELL}; delete @ENV{qw(IFS CDPATH ENV BASH_ENV)}; # Make %ENV safer
As you can see the taint mode is not enabled be the switch -T, because if you start the tool from command line (only pssible for advanced users) files can be deleted.
The standard user will start this by a graphical interface where sgid is set and perl turn on the tainted mode.
So for my personal interest if somebody has a glue please post.
|
|---|
| Replies are listed 'Best First'. | |
|---|---|
|
Re^5: taint mode
by Anonymous Monk on Mar 19, 2015 at 07:18 UTC |