Anonymous Monk has asked for the wisdom of the Perl Monks concerning the following question:

Monks,

I am sending some data from a signup form to an e-mail address using this code -- which some other fellow Monks were nice enough to lend me a while back.
    # Pipe the message to sendmail; -t makes sendmail read the recipients from the headers
    open (MAIL,"|sendmail -t") || die "Unable to open sendmail";
    print MAIL "To: $recipient\n";
    print MAIL "From: $from_email\n";
    print MAIL "Reply-to: $reply_email\n";
    print MAIL "Subject: $subject\n\n";   # blank line ends the headers
    print MAIL "$body";
    close (MAIL) || die "Unable to send e-mail";
It works great, but when I turn on Taint Mode by adding -T to the #!/usr/bin/perl line, I get the following error message:
    Insecure $ENV{PATH} while running with -T switch at submit.cgi line 137.
Line 137 is, of course, this one:
    open (MAIL,"|sendmail -t") || die "Unable to open sendmail";
So my question is.... what is the proper way of securing this operation so that Taint Mode is happy (as well it deserves to be)?

Thanks for your input, as always!

Re: Taint Mode Doesn't Like SENDMAIL Pipe
by isotope (Deacon) on May 11, 2001 at 20:28 UTC
Re: Taint Mode Doesn't Like SENDMAIL Pipe
by mr.nick (Chaplain) on May 11, 2001 at 20:29 UTC
    Try adding a
    $ENV{PATH}='/bin:/usr/bin:/usr/local/bin';
    and then changing your open line to
    open(MAIL,"| /usr/bin/sendmail -t") || die "$!";
    (or where ever your sendmail lives).
(ar0n) Re: Taint Mode Doesn't Like SENDMAIL Pipe
by ar0n (Priest) on May 11, 2001 at 20:50 UTC
    Use a module. Mail::Sendmail:
    use Mail::Sendmail;
    my %mail = (
        To      => $recipient,
        From    => $from_email,
        Subject => $subject,
        Message => $body,
    );
    sendmail(%mail) or die $Mail::Sendmail::error;


    [ ar0n ]

Re: Taint Mode Doesn't Like SENDMAIL Pipe
by davorg (Chancellor) on May 11, 2001 at 20:40 UTC

    The problem is that you're not using an explicit path to sendmail. Try this:

    open (MAIL,"|/usr/sbin/sendmail -t") || die "Unable to open sendmail";
    --
    <http://www.dave.org.uk>

    "Perl makes the fun jobs fun
    and the boring jobs bearable" - me

      The problem, as explained here, is that $ENV{'PATH'} is untrusted, and not only does Perl mistrust it (hence use the explicit path for sendmail), Perl assumes that sendmail just might try to execute things using the untrusted path with which Perl spawns it, which could be a very bad thing (especially considering sendmail is usually suid root). You must provide a safe $ENV{'PATH'} or you still have potentially tainted data.

      --isotope
      http://www.skylab.org/~isotope/
      That doesn't seem to keep Taint mode from complaining.
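Putting mr.nick's and isotope's points together (a trusted $ENV{PATH} plus an explicit path to sendmail), here is an added example of the pipe rewritten so that taint mode accepts it. This is not code from the thread or from any of the posters; the sendmail location (/usr/sbin/sendmail), the chosen PATH, the untainting patterns and the form values are all assumptions made for the illustration.

```perl
#!/usr/bin/perl -T
# Added example: the signup-form sendmail pipe, made acceptable to taint mode.
use strict;
use warnings;

# With -T, Perl refuses to spawn a child while %ENV could redirect it.
# Assumed: a fixed, trusted search path is appropriate for this host.
$ENV{PATH} = '/bin:/usr/bin';
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};

# Assumed location of the sendmail binary; adjust for the host.
my $SENDMAIL = '/usr/sbin/sendmail';

# Only a regex capture clears the taint flag. Accept a plain address form
# and nothing else, so no newline or shell metacharacter reaches the headers.
sub untaint_address {
    my ($value) = @_;
    my ($clean) = $value =~ /^([\w.+-]+\@[\w-]+(?:\.[\w-]+)+)$/
        or die "Rejected address: $value\n";
    return $clean;
}

# Header text: printable characters only (no CR/LF), bounded length.
sub untaint_header {
    my ($value) = @_;
    my ($clean) = $value =~ /^([[:print:]]{1,200})$/
        or die "Rejected header value\n";
    return $clean;
}

sub send_mail {
    my (%m) = @_;
    my $to      = untaint_address($m{to});
    my $from    = untaint_address($m{from});
    my $reply   = untaint_address($m{reply_to});
    my $subject = untaint_header($m{subject});

    # List-form open: no shell is involved and the program path is explicit.
    # -t reads recipients from the headers; -oi keeps a lone "." from ending input.
    open(my $mail, '|-', $SENDMAIL, '-t', '-oi')
        or die "Unable to open $SENDMAIL: $!\n";
    print {$mail} "To: $to\n",
                  "From: $from\n",
                  "Reply-To: $reply\n",
                  "Subject: $subject\n\n",
                  $m{body};    # writing tainted body text to a pipe is allowed
    close($mail)
        or die "sendmail failed: " . ($! || "exit status " . ($? >> 8)) . "\n";
    return 1;
}

# Constructed form values standing in for the CGI parameters.
my %form = (
    to       => 'signups@example.com',
    from     => 'webform@example.com',
    reply_to => 'alice@example.org',
    subject  => 'New signup',
    body     => "Alice signed up.\n",
);

send_mail(%form) if -x $SENDMAIL;   # skipped where sendmail is not installed
```

Run it as `perl -T script.pl` (Perl insists that -T appear on the command line too when it is on the #! line). The two things taint mode actually checks here are the command passed to open and %ENV at the moment of the fork; the untainting subs are what let form-supplied values be used in the first place, and they double as the check that a value contains only what a header line should.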
Re: Taint Mode Doesn't Like SENDMAIL Pipe
by Anonymous Monk on May 11, 2001 at 22:46 UTC

    Thanks for the help, gang. I'm not sure which option I will end up using as the permanent fix, but it looks like they are all contenders! Rock on!