(Ovid) Re: why is this tainted?

You actually have a few issues here. The first one is that your PATH variable is tainted. This is to prevent a clever cracker from figuring out how to set the path and have your code execute his or her "sendmail" program.

Further, though I haven't tested it, I'm pretty durned sure that $email will be tainted. If it's not, it should be. Remember, taint checking is to ensure that no data derived from outside your program can affect anything outside of your program. Because you didn't explitly set $email in your program, you have no guarantee of it's value, and therefore it's effect on the overall program. Once again, a clever cracker finding a way to alter the contents of your database could make your life miserable.

Cheers,
Ovid

Join the Perlmonks Setiathome Group or just click on the the link and check out our stats.

Comment on (Ovid) Re: why is this tainted?

Replies are listed 'Best First'.

Re: (Ovid) Re: why is this tainted?
by grep (Monsignor) on Dec 29, 2001 at 00:21 UTC

#!/usr/bin/perl -w
use strict;
my $email = '; cat /etc/passwd';

open (MAIL, "| /usr/lib/sendmail $email");
[download]

excellent tutorial on "Web Programming with Perl"

grep

grep> cd pub
grep> more beer
[download]

[reply]
[d/l]
[select]