in reply to Re^5: Insecure dependency in open
in thread Insecure dependency in open

Whoops! Completely disregard this post. I thought at the time that perl wasn't even letting me read from STDIN but it is. That changes my recently follow-up question thread, which can now be discarded. (I thought perl wasn't letting me set a variable from STDIN.). Mea culpa. More later...

Dan Heller
http://www.danheller.com

Replies are listed 'Best First'.
Re^7: Insecure dependency in open
by ikegami (Patriarch) on Jan 22, 2007 at 22:27 UTC

    I don't yet see how calling $filename = <STDIN> is any different than saying $filename = $ENV{HOME}.

    They're not. 

    >echo "input" | perl -T -e "use Scalar::Util qw( tainted ); my $var = 
+<STDIN>; print(tainted($var)?1:0, qq{\n})"
1

>set VAR=input & perl -T -e "use Scalar::Util qw( tainted ); my $var =
+ $ENV{VAR}; print(tainted($var)?1:0, qq{\n})"
1

    [download]
[reply]
[d/l]
[select]

In Section Seekers of Perl Wisdom