in reply to Re: perl and taint mode
in thread perl and taint mode

Now I have "Insecure dependency in system while running with -T", grrrr...

I try

    system "command1", "img.g3" > "img.pbm";

(command1 = /path/to/command, img.g3 = /path/to/img.g3 and img.pbm = /path/to/img.pbm)

=> Argument "/home/e-smith/files/ibays/fax-voice1/html/fax/tmp/3145.f..." isn't numeric in numeric gt (>) at /home/e-smith/files/ibays/fax-voice1/cgi-bin/fax/nph-vf-pdf.cgi line 653.

I want to write to img.pbm!!! It is not a numerical operation ;o)

anne

Re^3: perl and taint mode
by thospel (Hermit) on Jan 02, 2005 at 04:48 UTC
    You are now using the list form of system, which means no shell will be used (which is good). However, redirection like ">" is done by the shell, so you can't do it like that. (You can use a pipe open instead and write the file yourself, or use backticks, or do the fork/exec yourself so you can first open stdout to a file. Or go back to using the shell, but in a safe way.)

    Also notice that the insecure PATH complaint was about how the program gets looked up, and has nothing to do with the target file. You don't have to give that an absolute path (unless your working directory is untrusted too, of course).

    Now carefully read your error message. It's not complaining about an insecure dependency, but that you are comparing string "img.g3" to "img.pbm". Always start by assuming perl knows what it's talking about, however sure you are that you know better. There's always a reason for the messages you get.
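
One of the options named in the answer above (doing the fork/exec yourself so stdout can first be opened to a file), written out as an added example that is not part of the original thread. The converter path, the spool directory and the file-name pattern are assumptions chosen for illustration.

```perl
#!/usr/bin/perl -T
use strict;
use warnings;

# Taint mode refuses to exec anything until the environment is known-safe.
$ENV{PATH} = '/bin:/usr/bin';
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};

# Hypothetical locations (assumptions, not taken from the thread).
my $CONVERTER = '/usr/local/bin/command1';
my $SPOOL     = '/var/spool/fax/tmp';

# Untaint a bare file name by matching it against a strict allow-list
# pattern; only the captured text ($1) is considered clean by perl.
sub untaint_name {
    my ($name, $ext) = @_;
    $name =~ /\A([A-Za-z0-9_-]+\.\Q$ext\E)\z/
        or die "unexpected file name\n";
    return "$SPOOL/$1";
}

# Run the converter on $in with its stdout sent to $out. No shell is
# involved: the "redirection" is done by reopening STDOUT in the child.
sub convert {
    my ($in, $out) = @_;
    my $pid = fork;
    die "fork failed: $!\n" unless defined $pid;
    if ($pid == 0) {
        open STDOUT, '>', $out or die "cannot write $out: $!\n";
        exec { $CONVERTER } $CONVERTER, $in
            or die "exec $CONVERTER failed: $!\n";
    }
    waitpid $pid, 0;
    return $? == 0;    # true only if the child exited with status 0
}

# File names arrive from outside (here: the command line) and are tainted.
my $in  = untaint_name($ARGV[0] // '', 'g3');
my $out = untaint_name($ARGV[1] // '', 'pbm');
convert($in, $out) or die "conversion failed (wait status $?)\n";
```

Because the file names never pass through a shell, characters such as ">" or ";" in them have no special meaning, and the allow-list pattern rejects them before the open or exec is reached.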

Re^3: perl and taint mode
by Anonymous Monk on Jan 02, 2005 at 01:17 UTC
      Yes, I read perlsec, perlipc, perl... In perlsec:

          exec "echo $arg";   # not good
          exec "echo", $arg;  # is good

      but I have ">/path/to/file" to write to /path/to/file and I do not find a solution for that!

      anne