Line 50 of the Perl program elog2 contains the following statement:

my $UNAME = `/sbin/uname -n`;

When I run the program in taint mode I get the following warning:

Insecure $ENV{PATH} while running with -T switch at elog2 line 50.

The following statement added to the top of the program makes that warning go away:

#$ENV{PATH}= '/bin:/usr/bin:/usr/lbin/future';

The question is, why does the warning go away? Since line 50 specifies an absolute pathname I do not understand why taint cares whether there is an explicit path statement in the Perl program or not. What is the danger that the taint warning is guarding against?


In reply to Surprising Taint Behavior by sierrathedog04
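
An added example, not part of the original post: perlsec documents that this warning is about the PATH the child process inherits (the program being run may itself start other programs by bare name), not about how the command in the backticks is spelled. The script below shows the failure, the fix, and the follow-up that backtick output is itself tainted. It assumes /bin and /usr/bin are absolute, non-world-writable directories and reuses the /sbin/uname path from the post.

```perl
#!/usr/bin/perl -T
use strict;
use warnings;
use Scalar::Util qw(tainted);

# Path to uname as given in the post; adjust for your system (e.g. /bin/uname).
my $UNAME_BIN = '/sbin/uname';

# Under -T every inherited environment value is tainted, PATH included.
printf "PATH tainted on entry: %s\n",
    tainted($ENV{PATH} // '') ? 'yes' : 'no';

# With PATH still tainted, backticks die even for an absolute pathname:
# the child inherits PATH and may run further programs that rely on it.
my $attempt = eval { `$UNAME_BIN -n` };
print "before fix: $@" if $@;

# Fix: assign PATH a literal (hence untainted) list of absolute directories
# that are not writable by others, and drop variables that steer the shell.
$ENV{PATH} = '/bin:/usr/bin';    # assumption: safe directories on this host
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};

my $uname = `$UNAME_BIN -n`;
die "cannot run $UNAME_BIN (status $?)\n"
    unless defined $uname && $? == 0;

# Data read from a child process is tainted too; validate it with a
# capturing regex before using it in file names or further commands.
printf "uname output tainted: %s\n", tainted($uname) ? 'yes' : 'no';

my ($host) = $uname =~ /\A([A-Za-z0-9][A-Za-z0-9.-]*)\s*\z/
    or die "unexpected hostname from uname\n";

printf "host: %s (tainted: %s)\n", $host, tainted($host) ? 'yes' : 'no';
```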
