athomason has asked for the wisdom of the Perl Monks concerning the following question:

Today I got tired of rewriting the same sendmail scraps every time I need to mail something, so I went and installed Mail::Mailer. Surprise! My CGI script now fails with 
Insecure dependency in piped open while running with -T switch at 
/usr/pkg/lib/perl5/site_perl/Mail/Mailer.pm line 269.

[download]
Mailer.pm attempts to open($self, "|-"), which looks safe enough to me since I've explicitly told it where sendmail is. Obviously, taint checking is too critical to trade off for the convenience of a sendmail wrapper. Is there anything I can do in my code to avoid the error? Do I need to change the module? Go back to writing my own mail code? It seems this problem would pop up all the time with CPAN modules. There must be a solution, if only requesting that module writers make their code taint-safe. Suggestions?

Replies are listed 'Best First'.
Re: Taint unsafe modules
by johannz (Hermit) on Jun 21, 2000 at 04:08 UTC
    Have you tried the Mail::Sendmail module available from CPAN? I've used it before with no problems. I have not tried it with taint-checking on however. The advantage to this module is that it does not require the sendmail application to exist on your system. Therefore, it is handy to use on Windows and other non-unix-y systems.
[reply]
Re: Taint unsafe modules
by le (Friar) on Jun 21, 2000 at 11:22 UTC
    How about untainting your data? I think that perlsec explains how to do that.
[reply]

Back to Seekers of Perl Wisdom