in reply to Using perl to automate mail backup

If you're worried about security, the first thing I'd do is use taint checking (-T). See perlsec for the usual caveats. It looks like you're doing a good job of keeping a watch out for potentially unsafe data though.

RE: Re: Using perl to automate mail backup
by zzspectrez (Hermit) on Nov 12, 2000 at 12:29 UTC

    I originally did, but I wanted to be able to have the working directory reset to its original value when the program exits. The only way I know to do this is my $old_dir = `pwd`, and the output of the pwd program causes $old_dir to be tainted.

    From what I can gather, the only proper way to untaint data is to use a regular expression. Something along the lines of this, I believe: my ($untainted) = $old_dir =~ /^(.*)/. Then I could use chdir $untainted without getting a warning of an insecure dependency in chdir. If I understand it correctly, this is how you convince perl that you have filtered the input of any harmful input. Will my code above cause some insecurity because of it blindly untainting the input of pwd?

    Thanks for the link to the perlsec. I have looked it over a few times, but it is one document that I need to read over more thoroughly. I am not a security expert, that is for sure!

    Thanks!
    zzspectrez

      I'm not sure what you mean by resetting the current working directory. When your script exits, its current working directory disappears with it, just like its environment.
      (fastolfe) eddie:~$ perl -e 'chdir("tmp"); system("pwd");'
      /home/fastolfe/tmp
      (fastolfe) eddie:~$ pwd
      /home/fastolfe
      There is also the Cwd module, which will fetch the current working directory (via getcwd or cwd). I don't know if/how these values are tainted though.

        Oops! I didn't even realize that the directory gets reset when the program exits. In all my other experience programming in the DOS environment (MASM, Turbo Pascal), you had to save the path and restore it when you exit, or you would be left in the last directory your program set.

        That solves that problem. I can remove that section of code and use taint checking.

        I had looked at the Cwd module, but its implementation is the same:

        Taken from Cwd.pm

        sub _backtick_pwd { my $cwd; chop($cwd = `pwd`); $cwd; }

        And the working directory returned is tainted.

        zzspectrez
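The two open points in this thread, whether blindly untainting with /^(.*)/ is safe and whether the value from Cwd is tainted, can both be settled at runtime. The script below is an added example and not code from any poster or from Cwd.pm: it runs under -T, reports with Scalar::Util::tainted whether the backtick pwd and Cwd::getcwd values are tainted, and then untaints the directory with a restrictive pattern instead of /^(.*)/. The function name untaint_path and the "absolute path of word characters, dots and dashes, no .. components" policy are assumptions chosen for the example; tighten or loosen them to match your own environment.

```perl
#!/usr/bin/perl -T
# Added example (not from the thread or Cwd.pm). Run as:  perl -T untaint_cwd.pl
use strict;
use warnings;
use Cwd qw(getcwd);
use Scalar::Util qw(tainted);

# Under -T every %ENV value is tainted. Drop the variables that influence
# child processes and set an explicit PATH before running any external
# command such as `pwd`, or perl refuses to run it.
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};
$ENV{PATH} = '/bin:/usr/bin';

my $from_backtick = `pwd`;
chomp $from_backtick;
my $from_cwd = getcwd();

# Report taintedness instead of guessing at it.
printf "backtick pwd : %-40s tainted=%d\n",
    $from_backtick, tainted($from_backtick) ? 1 : 0;
printf "Cwd::getcwd  : %-40s tainted=%d\n",
    $from_cwd, tainted($from_cwd) ? 1 : 0;

# /^(.*)/ launders any value, so a directory named "/tmp/x; rm -rf /"
# would sail through. Accept only what a directory path may contain.
sub untaint_path {
    my ($path) = @_;

    # Assumed policy: absolute path whose components consist of word
    # characters, dots and dashes. $clean is the capture, hence untainted.
    my ($clean) = $path =~ m{^(/(?:[\w.-]+/)*[\w.-]*)$};

    # Reject ".." components even though they pass the character filter.
    if (defined $clean && $clean !~ m{(?:^|/)\.\.(?:/|$)}) {
        return $clean;
    }
    die "refusing to use suspicious working directory: $path\n";
}

my $dir = untaint_path($from_backtick);
print "after untaint_path: tainted=", (tainted($dir) ? 1 : 0), "\n";

# With a tainted $dir this line would die with "Insecure dependency in chdir".
chdir $dir or die "chdir $dir: $!";
print "now in $dir\n";
```

If the real directory names on your system contain spaces or other characters outside the pattern, untaint_path dies rather than guessing; that is the intended behaviour, since the point of the regex is to be the place where you state exactly which inputs you have checked.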