perlquestion syphilis Hi,<br> In Inline.pm we have the following subroutine which gets called whenever the Config option 'UNTAINT' is set: <c> #============================================================================== # Blindly untaint tainted fields in Inline object. #============================================================================== sub env_untaint { my $o = shift; for (keys %ENV) { ($ENV{$_}) = $ENV{$_} =~ /(.*)/; } my $delim = $^O eq 'MSWin32' ? ';' : ':'; $ENV{PATH} = join $delim, grep {not /^\./ and -d $_ and not ((stat($_))[2] & 0022) } split $delim, $ENV{PATH}; map {($_) = /(.*)/} @INC; } </c> And that works quite well on linux, untainting $ENV{PATH} and leaving it intact. But on windows it clobbers $ENV{PATH}, leaving it empty.<br><br>The culprit is the <c>not ((stat($_))[2] & 0022)</c> condition. On linux, where <c>stat($_))[2]</c> is 16877 for all of the folders in my path, <c>((stat($_))[2] & 0022)</c> is false. But on windows <c>stat($_))[2]</c> is 16895 for all of the folders in my path, and <c>((stat($_))[2] & 0022)</c> is true.<br><br>If I simply remove that condition for windows, everything is fine. But is that the correct thing to do ? Why has that condition been put in there, and what's the correct windows form it should take ? <br><br>Cheers,<br>Rob