Re: perl -T script.pl and #!/usr/bin/perl -T conflict

Here's the simple solution.

#!/usr/bin perl -w
print "Script started\n";
eval {
        exec("perl -wT $0")     #Only works if taint mode off
};

print "Now we're in taint mode!\n";
[download]

Unfortunately, if your script is suid, this has a gaping security hole, as you've just executed an arbitrary program as root. (Was it /usr/bin/perl as you were expecting, or was it /home/l33t_hax0r/bin/perl? With an insecure $ENV{PATH}, you'll never know.)

Here's a version that fixes that particular hole

#!/usr/bin perl -w
print "Script started\n";
eval {
        $ENV{PATH}, exec("/path/to/perl -wT $0")     #Only works if ta
+int mode off
};

print "Now we're in taint mode!\n";
[download]

Eliminating the "useless use of a hash element in void context" message is left as an exercise for the reader. (Hint: look at the is_tainted function example in perlsec)

--
Ryan Koppenhaver, Aspiring Perl Hacker
"I ask for so little. Just fear me, love me, do as I say and I will be your slave."

Comment on Re: perl -T script.pl and #!/usr/bin/perl -T conflict Select or Download Code