Taint mode errror

Anonymous Monk has asked for the wisdom of the Perl Monks concerning the following question:

Hi, I'm trying to execute the following code in Taint mode :

my $hostname = `/bin/hostname`;
print $hostname;
[download]

but i get the following error msg:
"Insecure $ENV{PATH} while running with -T switch" .
how do i fix this? thanks.

Comment on Taint mode errror Download Code

Replies are listed 'Best First'.
Re: Taint mode errror by santang (Acolyte) on Apr 08, 2004 at 01:15 UTC
Set the `$ENV{PATH}` to a hardcoded (or at least, untainted) value. eg: `$ENV{PATH} = "/bin:/usr/bin";` Sure, what you're doing doesn't use `$ENV{PATH}` at all, but Perl doesn't know that. Forging your own path does not mean that you should avoid asking for directions.	[reply] [d/l]
Re: Re: Taint mode errror by halley (Prior) on Apr 08, 2004 at 12:59 UTC
If you're going to execute things with absolute paths (`/bin/foobar`), you might be able to get away with no path (`undef $ENV{PATH}`). The executed process will have to be explicit in any nested exec/system call, but that's arguably a good thing. -- `[ e d @ h a l l e y . c c ]`	[reply] [d/l] [select]
Re: Re: Taint mode errror by Anonymous Monk on Apr 08, 2004 at 01:35 UTC
Thanks, that did the trick :-)	[reply]
Re: Taint mode errror by Fletch (Bishop) on Apr 08, 2004 at 01:36 UTC
`perldoc perlsec` explains why the above mentioned fix works.	[reply] [d/l]