in reply to Taint Mode Doesn't Like SENDMAIL Pipe

The problem is that you're not using an explicit path to sendmail. Try this:

open (MAIL,"|/usr/sbin/sendmail -t") 
  || die "Unable to open sendmail";

[download]
--
<http://www.dave.org.uk>

"Perl makes the fun jobs fun
and the boring jobs bearable" - me

Replies are listed 'Best First'.
Re: Re: Taint Mode Doesn't Like SENDMAIL Pipe
by isotope (Curate) on May 12, 2001 at 01:01 UTC
    The problem, as explained here, is that $ENV{'PATH'} is untrusted, and not only does Perl mistrust it (hence use the explicit path for sendmail), Perl assumes that sendmail just might try to execute things using the untrusted path with which Perl spawns it, which could be a very bad thing (especially considering sendmail is usually suid root). You must provide a safe $ENV{'PATH'} or you still have potentially tainted data.

    --isotope
    http://www.skylab.org/~isotope/
[reply]
Re: Re: Taint Mode Doesn't Like SENDMAIL Pipe
by Anonymous Monk on May 11, 2001 at 23:39 UTC
    That doesn't seem to keep Taint mode from complaining.
[reply]

In Section Seekers of Perl Wisdom