in reply to Re: #!$var/bin/perl
in thread #!$var/bin/perl

How is it a security risk? You mean to tell me you don't control your own path? ;)


MJD says you can't just make shit up and expect the computer to know what you mean, retardo!
I run a Win32 PPM repository for perl 5.6x+5.8x. I take requests.
** The Third rule of perl club is a statement of fact: pod is sexy.

Re: Re: Re: #!$var/bin/perl
by dragonchild (Archbishop) on Mar 13, 2003 at 16:24 UTC
    Actually, you cannot depend on anything in the environment, especially not the path. (Well, you can, until you start running financial applications over the web. Then, you can't.) All of that is considered tainted by -T.

    ------
    We are the carpenters and bricklayers of the Information Age.

    Don't go borrowing trouble. For programmers, this means Worry only about what you need to implement.

    Please remember that I'm crufty and crotchety. All opinions are purely mine and all code is untested, unless otherwise specified.

Re: Re: Re: #!$var/bin/perl
by hardburn (Abbot) on Mar 13, 2003 at 16:21 UTC

    Using relative links to executables is well known to be a security risk, because you have to assume that you might not be in control of $PATH. Notice that perl running under taint mode won't let you execute external programs until you assign $ENV{'PATH'}.

    ----
    Reinvent a rounder wheel.

    Note: All code is untested, unless otherwise stated

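The taint-mode behaviour described in the replies above, as an added example that is not part of any post in the thread: under -T, perl refuses to run external commands while $ENV{PATH} is inherited, even when the command is given by absolute path, and allows them once PATH is assigned a fixed value. It assumes a Unix-like system with /bin/echo; the file name and the try_run helper are hypothetical.

```perl
#!/usr/bin/perl -T
# Added example, not code from the thread. Assumes a Unix-like system
# with /bin/echo. Run as: perl -T taint_path.pl  (hypothetical file name)
use strict;
use warnings;

die "taint mode is off; run with -T\n" unless ${^TAINT};

# Run a fixed command string via backticks and report whether taint
# mode allowed it. Taint violations are fatal, so eval catches them.
sub try_run {
    my ($label, $cmd) = @_;
    my $out = eval { `$cmd` };
    if ($@) {
        (my $why = $@) =~ s/ at .*//s;    # drop "at FILE line N."
        print "$label: refused ($why)\n";
        return 0;
    }
    $out = '' unless defined $out;
    chomp $out;
    print "$label: ran, output '$out'\n";
    return 1;
}

# 1. PATH comes from the caller's environment, so it is tainted and a
#    bare command name (resolved through PATH) is refused.
try_run('inherited PATH, bare name', 'echo hello');

# 2. A fully qualified path is refused as well: the child process
#    would still inherit the untrusted PATH and may rely on it.
try_run('inherited PATH, absolute path', '/bin/echo hello');

# 3. Assign PATH a fixed list of absolute directories that are not
#    writable by others, and remove the other variables taint mode
#    checks because they influence how a shell behaves.
$ENV{PATH} = '/bin:/usr/bin';
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};
try_run('explicit PATH, bare name', 'echo hello');
```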