in reply to Re: Re: Mail::Mailer and difficulty with -T taint mode
in thread Mail::Mailer and difficulty with -T taint mode

Some quick tests indicate that if Mail::Mailer really were using exec in a safe way, perl wouldn't care about $ENV{PATH}.

    [sgifford@sghome sgifford]$ perl -T -e"exec('echo', 'OK')"
    Insecure $ENV{PATH} while running with -T switch at -e line 1.
    [sgifford@sghome sgifford]$ perl -T -e"exec('/bin/echo OK')"
    Insecure $ENV{PATH} while running with -T switch at -e line 1.
    [sgifford@sghome sgifford]$ perl -T -e"exec('/bin/echo', 'OK')"
    OK

What mailer are you using with Mail::Mailer, and what version? Can you find the relevant code that you think should be secure but Perl doesn't agree? Why is it a problem to untaint the from address to guarantee that it doesn't contain anything strange?
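
Added example, not part of the original post and not Mail::Mailer's own code: one way to untaint a from address under -T and pass it to an external program using the list form with an absolute path, as in the third test above. The untaint_address helper, its deliberately conservative pattern, the sample addresses and the use of /bin/echo as a stand-in for the mailer are assumptions made for illustration.

```perl
use strict;
use warnings;

# Run as: perl -T untaint_from.pl 'alice@example.org'
die "run with perl -T\n" unless ${^TAINT};

# Set the environment explicitly so that even commands that go through
# a PATH lookup or the shell are acceptable to taint mode.
$ENV{PATH} = '/usr/bin:/bin';
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};

# Hypothetical helper: returns an untainted copy of the address, or
# nothing if it does not match. The pattern is an assumption, much
# stricter than RFC 5322: no whitespace or control characters, and no
# leading '-' that a mailer could read as an option. \A and \z (not ^
# and $) make sure a trailing newline is rejected as well.
sub untaint_address {
    my ($addr) = @_;
    return unless defined $addr;
    if ($addr =~ /\A([A-Za-z0-9_+][A-Za-z0-9._+-]*\@[A-Za-z0-9](?:[A-Za-z0-9.-]*[A-Za-z0-9])?)\z/) {
        return $1;    # a captured group is untainted
    }
    return;
}

# Constructed sample inputs showing what the pattern accepts and rejects.
my @samples = (
    'alice@example.org',
    "bob\@example.org\nX-Extra: 1",
    '-x@example.org',
);
for my $raw (@samples) {
    (my $shown = $raw) =~ s/\n/\\n/g;
    printf "%-32s %s\n", $shown,
        defined untaint_address($raw) ? 'accepted' : 'rejected';
}

# Command-line arguments are tainted; passing $raw straight to system()
# would die with "Insecure dependency in system".
my $raw = shift @ARGV;
if (defined $raw) {
    my $from = untaint_address($raw) or die "refusing from address\n";
    # List form with an absolute path: no shell, no PATH lookup.
    system('/bin/echo', 'From:', $from) == 0 or die "echo failed: $?\n";
}
```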