RE: RE: Re: Using perl to automate mail backup

I'm not sure what you mean by resetting the current working directory. When your script exits, its current working directory disappears with it, just like its environment.

(fastolfe) eddie:~$ perl -e 'chdir("tmp"); system("pwd");'
/home/fastolfe/tmp
(fastolfe) eddie:~$ pwd
/home/fastolfe
[download]

There is also the Cwd module, which will fetch the current working directory (via getcwd or cwd). I don't know if/how these values are tainted though.

Comment on RE: RE: Re: Using perl to automate mail backup Download Code

Replies are listed 'Best First'.
RE: RE: RE: Re: Using perl to automate mail backup by zzspectrez (Hermit) on Nov 12, 2000 at 23:34 UTC
Oppps! I didn't even realize that the directory gets reset when the program exits. All my other experience programming in the dos environment ( masm, turbo pascal ) you had to save the path and restore it when you exit or you would be left in the last directory your program set. That solves that problem. I can remove that section of code and use taint checking. I had looked at the Cwd module, but its implementation is the same: Taken from Cwd.pm sub _backtick_pwd { my $cwd; chop($cwd = `pwd`); $cwd; } [download] And the working directory returned is tainted. zzspectrez	[reply] [d/l]
RE: RE: RE: RE: Re: Using perl to automate mail backup by Fastolfe (Vicar) on Nov 13, 2000 at 08:55 UTC
Check the 'getcwd' function instead of 'cwd'. This does not use an external command. It's a lot more intensive, but does a more thorough job (and may perhaps be how 'pwd' does it internally, actually). Data may still be considered tainted, though. I don't really think there's going to be a way to get at filesystem information in such a way that you can't consider it unsafe/tainted to begin with, since any part of it can be arbitrarily supplied by any user. If you trust it, un-taint it.	[reply]