in reply to Re^3: Insecure dependency in open
in thread Insecure dependency in open

Maybe you should set $UID = $EUID in that program?

I don't have control over that program. (and it's besides the point; the question is a perl-related question, and should be answered assuming the user has no control over that program.)

Dan Heller
http://www.danheller.com

Replies are listed 'Best First'.
Re^5: Insecure dependency in open
by betterworld (Curate) on Jan 21, 2007 at 22:35 UTC
    I think perl does in fact switch to taintedness if the program starts with different uid and euid. So if you cannot set the uid from the other program, maybe you would want to do something like this: 
    if ($UID != $EUID) {
  $UID=$EUID;
  exec($0, @ARGV);
  die $!;
}

    [download]
[reply]
[d/l]

In Section Seekers of Perl Wisdom