in reply to Security risks of Cwd::abs_path (Why is abs_path tainted?)

It's tainted because it's input from outside your script that's under the (dirty malicious) user's control which means that you can't presume anything about it. 

$ mkdir /tmp/spoo
$ cd /tmp/spoo
$ mkdir "zomg ; rm -rf *"
$ ln -s "zomg ; rm -rf */" spoo
$ cd spoo
$ perl -MCwd -le 'print Cwd::abs_path'
/private/tmp/spoo/zomg ; rm -rf *

[download]

The cake is a lie.
The cake is a lie.
The cake is a lie.

Replies are listed 'Best First'.
Re^2: Security risks of Cwd::abs_path (Why is abs_path tainted?)
by mkanat (Novice) on Dec 20, 2007 at 02:52 UTC
    Thank you, that's exactly what I was looking for. :-) -Max
[reply]

In Section Seekers of Perl Wisdom