in reply to Re: Unlink under taint mode
in thread Unlink under taint mode

Hey Postulant,

Thanks for the tips on the regexp. But, as Perl doesn't mind about the regexp I use, for what concerns -T, I still wonder what's wrong. The "." and ".." are properly skipped, because I only run the unlink if the checked file variable is defined.

I was wondering: may the problem be the path??

In the command, unlink "../users/$subcookie/$checked_file", both $subookie and $checked_file have been untainted. The only thing this command still relies on is the path! How can I clean up the path??

(It's strange that this path wasn't a problem before when I even opened files for writing and stuff; maybe if unlink is more demanding about security, don't know...) Any hints?

Thanks a lot

André

Re: Follow up
by tlm (Prior) on Apr 10, 2005 at 02:31 UTC

    The important part of my earlier reply was the bit about Scalar::Util::tainted (which I would just repeat now); the stuff about the regexps was just BTW.

    the lowliest monk
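
An added example, not code from either poster: it uses Scalar::Util::tainted, as the reply suggests, to report which piece of the unlink argument is still tainted, before and after untainting by regexp capture. The values, the helper names (as_external, untaint_name, report) and the allowed-character pattern are assumptions made for illustration.

```perl
#!/usr/bin/perl -T
# Run as: perl -T taint_check.pl   (taint mode must be on from startup)
use strict;
use warnings;
use Scalar::Util qw(tainted);

# Constructed stand-ins for the values a CGI script gets from a cookie and a
# form field. Appending an empty substring of %ENV data taints them under -T.
sub as_external { return $_[0] . substr(join('', values %ENV), 0, 0) }

# Untaint by capture: one plain file-name component, so "." and ".." and
# anything containing "/" is refused. The pattern is an assumed policy.
sub untaint_name {
    my ($value) = @_;
    return defined $value && $value =~ /\A([A-Za-z0-9_][A-Za-z0-9_.-]*)\z/ ? $1 : undef;
}

# Report every piece that goes into the unlink argument, and the argument itself.
sub report {
    my (%piece) = @_;
    printf "  %-13s %s\n", $_, tainted($piece{$_}) ? 'TAINTED' : 'clean'
        for sort keys %piece;
}

my $subcookie    = as_external('example_user');            # constructed value
my $checked_file = as_external('constructed_sample.txt');  # constructed value

for my $pass ('raw input', 'after untainting') {
    if ($pass eq 'after untainting') {
        $subcookie    = untaint_name($subcookie)    // die "bad user name\n";
        $checked_file = untaint_name($checked_file) // die "bad file name\n";
    }
    # The literal "../users/" is program text and is never tainted; the
    # interpolated string is tainted if any variable in it is.
    my $path = "../users/$subcookie/$checked_file";
    print "$pass:\n";
    report(subcookie => $subcookie, checked_file => $checked_file, path => $path);

    # The taint check runs before the system call, so the file need not exist.
    my $removed = eval { unlink $path };
    if (defined $removed) {
        print "  unlink passed the taint check, removed $removed file(s)\n";
    } else {
        print "  unlink refused: $@";
    }
}
```

If the real script still dies after untainting, running the same report on its own variables just before the unlink shows which one carries the taint.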