in reply to Re: Getting To Grips With Taint - And Picking Up Files
in thread Getting To Grips With Taint - And Picking Up Files

I just added what you suggested and now I get
Insecure $ENV{BASH_ENV} while running with -T switch at ./add

Re: Re: Re: Getting To Grips With Taint - And Picking Up Files
by zigdon (Deacon) on Sep 30, 2002 at 16:12 UTC

    Ok, that helps - try setting $ENV{BASH_ENV} then to the same path, or just to an empty string, and use the full path to ls:

    $ENV{BASH_ENV} = ''; my @files = `/bin/ls`;

    -- Dan

      That's fixed it. Cheers

      Is the method I am using ok? I'm just wondering if there is a better, more solid way of doing this?

      I am trying to keep clear of adding Perl modules as my sysadmin doesn't allow it, but I think we are on Perl 5.6.something so I am not sure what modules are included with that release.

      Thanks
        I'd suggest you go read the perlsec manpage. It explains taint, and why and when to use it. In your case, I'm not sure why you're using taint, as (at least in the snippet you supplied), you're not really doing anything with the data you're reading. Just making sure you're using the full path to 'ls' is enough - but you don't really need taint for that.

        -- Dan

      Just one last question (if anybody is still reading this node). Taint complains about using

      unlink $file;

      What are the alternatives to that?
      Insecure dependency in unlink while running with -T switch at ./addvirtuser.pl
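
An added example, not part of the original thread: under `-T`, `unlink` accepts a file name only after it has been untainted through a regex capture, as perlsec describes. The directory path and the `untaint_filename` helper are assumptions made for illustration; `opendir`/`readdir` replace the backticked `ls` and need no extra modules.

```perl
#!/usr/bin/perl -T
use strict;
use warnings;

# Taint mode refuses to run external commands until the inherited
# environment is made safe (see perlsec). Not strictly needed below,
# because nothing is executed, but it keeps later backticks working.
$ENV{PATH} = '/bin:/usr/bin';
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};

# Hypothetical directory for this example.
my $dir = '/var/spool/incoming';

# Return an untainted copy of $name if it looks like a plain file name,
# otherwise return nothing. Perl treats only regex captures as clean,
# so the pattern is the actual security check: keep it as narrow as
# the expected names allow. This one rejects '/', leading dots
# (including '.' and '..'), whitespace and shell metacharacters.
sub untaint_filename {
    my ($name) = @_;
    return unless defined $name;
    return $name =~ /\A([A-Za-z0-9_][A-Za-z0-9_.-]*)\z/ ? $1 : undef;
}

# readdir involves no shell, but the names it returns are still tainted.
opendir(my $dh, $dir) or die "Cannot open $dir: $!";
my @names = readdir $dh;
closedir $dh;

for my $tainted (@names) {
    my $file = untaint_filename($tainted);
    unless (defined $file) {
        warn "Skipping name that failed validation\n";
        next;
    }
    my $path = "$dir/$file";     # built only from clean parts
    next unless -f $path;        # regular files only
    unlink $path or warn "Could not unlink $path: $!\n";
}
```

A pattern such as `/(.*)/` would also silence the error, but it validates nothing and defeats the purpose of taint mode.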