What I meant is that if you say (in the original code)

my $runcmd = '/bin/ls -l > test.text';

then you don't have to worry about the taintedness of PATH. It won't be used to find ls.

Problem is, perl does not know that:

sidhekin@blackbox:~$ perl -wT -Mstrict -e 'system("/bin/ls -l")'
Insecure $ENV{PATH} while running with -T switch at -e line 1.
sidhekin@blackbox:~$
[download]

In fact, I don't think perl can know what /bin/ls may or may not want to do with PATH. Nor does it matter if the shell is involved in running that command:

sidhekin@blackbox:~$ perl -wT -Mstrict -e 'system("/bin/ls", "-l")'
Insecure $ENV{PATH} while running with -T switch at -e line 1.
sidhekin@blackbox:~$
[download]

So, I'm afraid you'll still have to worry about taintedness of PATH -- and any other "potentially dangerous" environment variable. At least using full path gives you an easy way to deal with tainted PATH: Just delete it!

sidhekin@blackbox:~$ perl -wT -Mstrict -e 'delete $ENV{PATH}; system("
+/bin/ls", "-l")'
Insecure $ENV{BASH_ENV} while running with -T switch at -e line 1.
sidhekin@blackbox:~$
[download]

Um, er, along with every other "potentially dangerous" environment variable, that is ...