in reply to Re: Dereference array via STDIN
in thread Dereference array via STDIN

Consider somebody inputs cs101; unlink $0...

Well, unless the script is run with extra priviledges a user cannot do any more harm than he can from the command line. If the user can unlink $0 from the script itself, he can remove the file from the command line as well.

Replies are listed 'Best First'.
Re^3: Dereference array via STDIN
by tinita (Parson) on Oct 11, 2008 at 12:42 UTC
    If the user can unlink $0 from the script itself, he can remove the file from the command line as well.
    not true for setuid scripts for example. that's also the reason why taint mode is on by default in setuid scripts.
[reply]
    A reply falls below the community's threshold of quality. You may see it by logging in.

In Section Seekers of Perl Wisdom