hotshot has asked for the wisdom of the Perl Monks concerning the following question:

Hi again!
anyone can explain to me what is the following error (could find it using 'search'):
Insecure directory in $ENV{PATH} qhile running with -T ...

[download]
I'v know what is Insecure $ENV{PATH}... and Insecure dependency... errors, but it's the first time i get Insecure directory.... my code is: 
{
  $path = $ENV{PATH} . ':' . $path;   # I want to add to the path not 
+replace it
  $path = &launderFile($path);
  local $ENV{PATH} = $path;   # add the path we found to the environme
+nt variable
  delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};   # Make %ENV safer
  $command = &launderName($command);
  if ($output eq $OUTHANDLER) {   # output is directed to a filehandle
+r and returned as an array
    if (! open(CMD, "$command 2>&1 |")) {
      warn "In performLocalCommand(): Can't open $command for reading:
+ $!";
      return;
    }
  }
}

[download]
I get the error on the 'if (! open(CMD, "$command 2>&1 |"))' line.

Thanks

Hotshot

Replies are listed 'Best First'.
Re: Insecure directory
by iburrell (Chaplain) on Oct 23, 2002 at 20:17 UTC
    Did you read the perlsec and perldiag documentation? They describe tainting and the error message. It says that "you need to set $ENV{'PATH'} to a known value, and each directory in the path must be non-writable by others than its owner and group." My guess is that permissions on the directory you are adding is the problem.
[reply]

Back to Seekers of Perl Wisdom