ishootperls has asked for the wisdom of the Perl Monks concerning the following question:

What is the best way of making a system call under perl taint mode?
So far, it doesn't like back ticks.....

"An incendiary Perl will solve that problem" :-) - myself

Replies are listed 'Best First'.
Re: System Call Using Taint Mode
by kennethk (Abbot) on Nov 16, 2011 at 17:24 UTC
    Backticks specifically and system calls in general under taint are fine. You just need to explicitly set your $ENV{PATH} to avoid bait-and-switch. See Cleaning Up Your Path in perlsec. 

    #!/usr/bin/perl -wT
use strict;

local $ENV{PATH} = '/bin';

print `echo hello\n`;

    [download]
[reply]
[d/l]
[select]

      Beautiful !! Many thanks kennethk !!

      "An incendiary Perl will solve that problem" :-) - myself
[reply]

Back to Seekers of Perl Wisdom