in reply to Re: perlsec question
in thread perlsec question

I should think that clearing %ENV would eventually bite you in the butt when you start using the code in question to run programs that depend on the environment.

Granted there are times when it's appropriate -- running children from a setuid program, for example -- but most of the time it's just too big a hammer.

    -- Chip Salzenberg, Free-Floating Agent of Chaos

Re: Re: Re: perlsec question
by belg4mit (Prior) on Dec 14, 2001 at 20:23 UTC
    When all you have is a hammer, everything looks like a nail :-D. Except, of course, having a Swiss Army chainsaw, there is more than a hammer at our disposal. However, it surely cannot be too difficult to later clean and pass other environment variables as needed. Else one could say not clearing %ENV will eventually bite you in the butt because you have no idea what some clever author of an external program will rely upon and do with an environment variable ;-).

    --
    perl -p -e "s/(?:\w);([st])/'\$1/mg"
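
The middle ground both posts point at, as an added example that is not part of either post: start from an empty environment and pass a child only the variables that validate against an allowlist. The allowlist, its patterns, the fixed PATH and the `scrubbed_env` helper name are assumptions for illustration.

```perl
#!/usr/bin/perl
# Run as: perl -T scrub_env.pl   (taint mode, as perlsec recommends)
use strict;
use warnings;

# Hypothetical allowlist: variable name => pattern the whole value must match.
# A value captured through the pattern comes back untainted under -T.
my %ALLOW = (
    LANG => qr/\A([A-Za-z0-9_.\@-]{1,64})\z/,
    TZ   => qr/\A([A-Za-z0-9_+\/:-]{1,64})\z/,
    HOME => qr/\A(\/[A-Za-z0-9_.\/-]{0,255})\z/,
);

# Build a fresh environment from the given one (normally %ENV).
# Everything not on the allowlist, or failing its pattern, is dropped.
sub scrubbed_env {
    my (%in) = @_;
    my %out = (PATH => '/usr/bin:/bin');    # fixed value, never inherited
    for my $name (sort keys %ALLOW) {
        next unless defined $in{$name};
        $out{$name} = $1 if $in{$name} =~ $ALLOW{$name};
    }
    return %out;
}

# Constructed sample environment, standing in for a hostile caller's %ENV.
my %sample = (
    PATH       => '/tmp/bin:/usr/bin',
    IFS        => " \t\n/",
    LD_PRELOAD => '/tmp/x.so',
    LANG       => 'en_US.UTF-8',
    TZ         => "UTC\nLD_PRELOAD=/tmp/x.so",   # embedded newline: rejected
    HOME       => '/home/alice',
);
my %clean = scrubbed_env(%sample);
print "sample -> $_=$clean{$_}\n" for sort keys %clean;

# Real use: replace %ENV only for the duration of the child.
{
    local %ENV = scrubbed_env(%ENV);
    system('/usr/bin/env') == 0 or warn "child exited with status $?\n";
}
```

Because `local` restores the original `%ENV` when the block exits, the rest of the program keeps its environment while the child sees only the validated subset.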