in reply to Taint and Mail::Mailer

First problem I see lets you relax a little. Reverse the lines

$ENV{'PATH'} = '/bin:/usr/bin:/sbin';
delete @ENV{'IFS', 'CDPATH', 'ENV', 'BASH_ENV'};
to
delete @ENV{'IFS', 'CDPATH', 'ENV', 'BASH_ENV'};
$ENV{'PATH'} = '/bin:/usr/bin:/sbin';
That gives you a usable and untainted $ENV{PATH}.

After Compline,
Zaxo

Re^2: Yet another Taint question
by Nkuvu (Priest) on Jun 26, 2004 at 05:19 UTC

    Hmm, not sure I see the difference. Doesn't the delete only delete the matching environment variables? If so, it doesn't affect the path. Right? Sort of? Not?

    Keep in mind that I copied these lines from perldoc perlsec and I'm not really sure how the delete is working. I know why the lines are there, and I know what the $ENV{'PATH'} = '/bin:/usr/bin:/sbin'; does. Just not the delete.

      Ahhrgh, you're correct, I'm accustomed to deleting $PATH before assignment and thought you meant the same. Sorry.

      After Compline,
      Zaxo

        Not a problem at all. I always prefer to understand the code I'm using, and I've found that the best way to understand something is to try to explain it. I don't know how many times in code reviews I've had someone question why I did something a particular way, and I've always found it to be beneficial.
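An added example, not code from any poster in this thread: it runs the two perldoc perlsec lines in both orders under taint mode and shows that the hash-slice delete removes only the four named variables, so either order leaves an environment that passes the taint checks. The file name, the constructed tainted CDPATH value and the presence of /bin/echo are assumptions.

```perl
#!/usr/bin/perl -T
# Run as: perl -T taint_env_demo.pl   (hypothetical file name)
use strict;
use warnings;
use Scalar::Util qw(tainted);

$| = 1;    # keep our output ordered with the child's output

my @shell_vars = ('IFS', 'CDPATH', 'ENV', 'BASH_ENV');
my $safe_path  = '/bin:/usr/bin:/sbin';

# Constructed input: make sure one shell variable is present and tainted,
# as it would be when inherited from the caller. Appending a zero-length
# slice of tainted data taints the result (assumes %ENV is not empty).
$ENV{CDPATH} = '/tmp' . substr(join('', values %ENV), 0, 0);
my %inherited = %ENV;    # copied values keep their taint

# Taint mode dies before running anything if %ENV is unsafe; trap that.
sub try_exec {
    my $rc = eval { system('/bin/echo', '  (child process ran)') };
    return 'exec ok' if defined $rc;
    (my $err = $@) =~ s/\s+\z//;
    return "exec refused: $err";
}

my @orders = (
    [ 'PATH first, then delete' =>
        sub { $ENV{PATH} = $safe_path; delete @ENV{@shell_vars} } ],
    [ 'delete first, then PATH' =>
        sub { delete @ENV{@shell_vars}; $ENV{PATH} = $safe_path } ],
);

for my $case (@orders) {
    my ($label, $cleanup) = @$case;
    %ENV = %inherited;    # start each run from the tainted environment
    print "$label\n";
    print "  before: ", try_exec(), "\n";

    $cleanup->();

    # The delete touched only the named keys; PATH is the literal we assigned.
    printf "  after:  PATH=%s tainted=%d CDPATH present=%d\n",
        $ENV{PATH}, tainted($ENV{PATH}) ? 1 : 0, exists $ENV{CDPATH} ? 1 : 0;
    print "  after:  ", try_exec(), "\n";
}
```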