I'm not sure why OP is having the tainting trouble at that line, however. Could you also give the context of the call? That is, how your program is calling the routine that fails, and where each variable in the call comes from.

The code is pretty simple, from the script' s view it is like this:

$file = "/tmp/emaildata." . time . ".txt";

..code to file the file with data..

$lineprinter = new Net::Printer(
                                  filename    => $file,
                                  printer     => "lpr",
                                  server      => "172.16.0.166",

                                  port        => 515,
                                  lineconvert => "YES"
                                );
$result = $lineprinter->printfile();
[download]

so it might be the $file, which is making trouble, isn't it? -- there are no silly questions killerhippy

You're not looking at it from the point of view of taint checking. Taint-checking is telling you that one of the 2 arguments to bind (probably the second) is "insecure".

Looking at the source of Net::Printer, I now see the problem: Line 534 of Printer.pm is our old friend

    if (!(bind($sh, $this))) {
    return "Printer: Error: Cannot bind socket: $!\n";
    } # if !bind($sh, $this)
[download]

Where does $this come from? Line 525 packs it, based on the contents of $thisaddr. That variable is set in line 512 from the return values of gethostbyname($hostname), and $hostname is set at line 500 by the insecure code chop ($hostname = `hostname`);.

It's potentially insecure because it uses a path lookup, and because the value is coming from outside your program. If you're very very sure that hostname will be returning a correct value, you can "untaint" $hostname by the methods discussed in this thread and in perlsec.

Better would be to modify the code to discover the hostname without running another process in backticks.