Re^3: taint mode, libraries and file path

Good point. Note that perl's taint mode doesn't guard against other wild variables, such as LD_LIBRARY_PATH or LD_PRELOAD, both of which are on many systems just as dangerous as PATH.

--
@/=map{[/./g]}qw/.h_nJ Xapou cets krht ele_ r_ra/;
map{y/X_/\n /;print}map{pop@$_}@/for@/
[download]

Comment on Re^3: taint mode, libraries and file path Download Code

Replies are listed 'Best First'.
Re^4: taint mode, libraries and file path by danmcb (Monk) on Aug 22, 2005 at 21:50 UTC
thank you all muchly for the help. I did get a fix by setting $ENV{PATH} = '' which is fine for now. I use other parts of ENV quite a lot though, esp REMOTE_USER as I am using htaccess and need to identify people. I realise it os not the most secure method, but it's fine for what I want. To be honest, I don't completely understand ENv and PATH and what they really do - I need to do some Apache reading I guess. Thanks again for the help	[reply]

Replies are listed 'Best First'.

Re^4: taint mode, libraries and file path
by danmcb (Monk) on Aug 22, 2005 at 21:50 UTC

thank you all muchly for the help. I did get a fix by setting $ENV{PATH} = '' which is fine for now.

I use other parts of ENV quite a lot though, esp REMOTE_USER as I am using htaccess and need to identify people. I realise it os not the most secure method, but it's fine for what I want.

To be honest, I don't completely understand ENv and PATH and what they really do - I need to do some Apache reading I guess.

Thanks again for the help

[reply]