martin has asked for the wisdom of the Perl Monks concerning the following question:

Up to Perl 5.8.6, it was perfectly legal to open a pipe like this and not worry about $ENV{'PATH'} (notice the -T flag): 
#!/usr/bin/perl -wT

use strict;

$SIG{'PIPE'} = 'IGNORE';
$| = 1;

my $pid = open CONSUMER, '|-';
if (!defined $pid) {
    die "cannot fork: $!";
}
if (!$pid) {
    open STDOUT, '/dev/null';
    my $msg = <STDIN>;
    exit(0);
}
print CONSUMER "hi there\n" or die "cannot write to pipe: $!";
close CONSUMER
    or die $! ? "error closing pipe: $!" : "child exit status: $?";
print "done, satisfied\n";

[download]

However, Perl 5.8.7, 5.8.8 and 5.9.3 won't allow that any longer, insisting that $ENV{PATH} should be set to something secure before executing the open.

I wonder why that is. The environment should be checked before exec and the like, but what is wrong with a simple fork eludes me. Especially since the other piping direction '-|' appears to trigger no such paranoia.

Am I overlooking something or could this be a Perl bug? I'd like to not interfere with global variables like %ENV unless I must.

Update:

The error message I am getting is: Insecure $ENV{PATH} while running with -T switch at /home/martin/example line 8.

And indeed, inserting a line $ENV{'PATH'} = '/bin'; just before the open makes Perl happy if not me.

Replies are listed 'Best First'.
Re: Pipe open triggering environment taint check
by spiritway (Vicar) on Mar 09, 2006 at 04:40 UTC

    Update: As [id://ikegami] has pointed out, this is wrong.

    Check out perldoc perl587delta. It says, among other things:

    There is a new taint error, ``%ENV is aliased to %s''. This error is thrown when taint checks are enabled and when *ENV has been aliased, so that %ENV has no env-magic anymore and hence the environment cannot be verified as taint-free.

[reply]
      ENV is not aliased in the code provided by the OP. It's not obvious how (if) this this relates to the OP's problem. Could you explain?
[reply]
Re: Pipe open triggering environment taint check
by martin (Friar) on Mar 13, 2006 at 20:16 UTC
    Some code inspection finally convinced me that this particular change from 5.8.6 to 5.8.7 was indeed not intentional. I have filed a bug report ([perl #38709]) complete with a patch and some testing code.

    Funny that this has not been noticed sooner. Maybe it hasn't hurt too many people, since opening '|-' will be followed by exec as a rule, in which case one does have to untaint %ENV{PATH} at some point.

    This is one more occasion I really appreciate Perl being Open Source.

[reply]

Back to Seekers of Perl Wisdom