in reply to Database backup submission
Also, looking through the code, I've just remembered a problem with it that I don't understand.### Any other security stuff $ENV{'PATH'} = undef;
You're getting the warning with the $ENV{PATH} set to undef because $ENV{PATH} is checked when system calls are made. If you want to get rid of this error set $ENV{PATH} to "" instead.
The reason $ENV{PATH} failed taint checking altogether is that the assumption is that any user running your script can edit their $ENV{PATH} to whatever they like. Hence relying on $ENV{PATH} to be sensible is like assuming any other user data is sensible. You could also have just untainted $ENV{PATH}, but setting the full path is the much wiser option.
jarich
|
|---|