in reply to Taint bug with backticks in variable assignments

I can kind of explain it, perlvar says:
"The process number of the Perl running this script. You should consider this variable read-only, although it will be altered across fork() calls. (Mnemonic: same as shells.)"
When you do ``, you're doing a fork. If you do it twice in one statement (as in perl -Tle"`dir $$`, `dir $$`"), $$ will be tainted after the first fork.

update: well, if any variable triggers this then it may very well be a bug.
    perl -Tle"$a=1;`dir $a`, `dir $a`"
Though there is always do ;)
    perl -Tle"$a=1;`dir $a`, do{`dir $a`}"

update: yeah, i was reachin' with the fork theory :) (and, btw, i couldn't find a perlbug report on this)

MJD says "you can't just make shit up and expect the computer to know what you mean, retardo!"
I run a Win32 PPM repository for perl 5.6.x and 5.8.x -- I take requests (README).
** The third rule of perl club is a statement of fact: pod is sexy.

Re: Taint bug with backticks in variable assignments
by Abigail-II (Bishop) on Nov 19, 2003 at 15:44 UTC
    No, it's not just the fork (which would be weird anyway, as a fork won't change $$ in the parent anyway):
        #!/usr/bin/perl -T
        use strict;
        use warnings;
        $ENV{PATH} = '/usr/bin:/usr/local/bin:/bin';
        $ENV{ENV} = '';
        fork || exit;
        my $temp_fails = [
            # `mktemp /tmp/temp.$$.XXXXXX`,
            `mktemp /tmp/temp2.$$.XXXXXX`,
        ];
        print "Success\n";
        __END__
        Success

    Abigail

Re: Re: Taint bug with backticks in variable assignments
by shotgunefx (Parson) on Nov 19, 2003 at 15:11 UTC
    That would explain $$, but it seems to happen with all variables..
        #!/usr/bin/perl -T
        use strict;
        use warnings;
        $ENV{PATH} = '/usr/bin:/usr/local/bin:/bin';
        $ENV{ENV} = '';
        my $untainted = 'foo';
        my $temp_fails = [
            `mktemp /tmp/temp.$untainted.XXXXXX`,
            `mktemp /tmp/temp.$untainted.XXXXXX`,
        ];


    -Lee

    "To be civilized is to deny one's nature."
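
A diagnostic for the behaviour discussed in this thread, added here as an example and not posted by any of the participants: it uses Scalar::Util's tainted() to report the variable's taint status, then runs the backticks first in separate statements and then in the thread's two-in-one-list form, trapping any "Insecure dependency" error. The report() and try_cmds() helpers and the use of echo in place of mktemp are assumptions of this example.

```perl
#!/usr/bin/perl -T
# Added diagnostic, not from the thread. Run as: perl -T thisfile.pl
use strict;
use warnings;
use Scalar::Util qw(tainted);

# Same environment clean-up the thread's scripts need under -T.
$ENV{PATH} = '/usr/bin:/usr/local/bin:/bin';
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};

# Hypothetical helper: print whether Perl considers a value tainted.
sub report {
    my ($label, $value) = @_;
    printf "%-34s %s\n", $label, tainted($value) ? 'TAINTED' : 'clean';
}

# Hypothetical helper: run a block and trap the fatal taint error.
sub try_cmds {
    my ($label, $code) = @_;
    my $ok = eval { $code->(); 1 };
    print "$label: ", $ok ? "ran\n" : "died: $@";
}

my $untainted = 'foo';    # literal from the source, as in the thread
report('variable before any backticks', $untainted);

# Command strings built in their own statements, checked before use.
my $cmd1 = "echo temp.$untainted";
my $cmd2 = "echo temp2.$untainted";
report('command string 1', $cmd1);
report('command string 2', $cmd2);

# Each backtick expression in its own statement.
my ($out1, $out2);
try_cmds('first backtick, own statement',  sub { $out1 = `$cmd1`; });
try_cmds('second backtick, own statement', sub { $out2 = `$cmd2`; });

# Backtick output comes from outside the program, so it is tainted.
report('output of first backtick', $out1);

# The shape from the thread: two interpolating backticks in one list.
try_cmds('two backticks in one list', sub {
    my $list = [ `echo temp.$untainted`, `echo temp2.$untainted` ];
});

# The workaround suggested in the thread: wrap the second in do{}.
try_cmds('second backtick wrapped in do{}', sub {
    my $list = [ `echo temp.$untainted`, do { `echo temp2.$untainted` } ];
});

report('variable afterwards', $untainted);
```

Comparing the "own statement" lines with the "one list" line on a given perl shows whether the failure follows the variable or the statement shape.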