Beefy Boxes and Bandwidth Generously Provided by pair Networks
There's more than one way to do things
 
PerlMonks  

Re: Taint mode limitations

by MidLifeXis (Prior)
on Nov 02, 2012 at 16:04 UTC ( #1002003=note: print w/ replies, xml ) Need Help??


in reply to Taint mode limitations

Note the difference between the following (assuming windows, adjust system as necessary).

perl -T -e "$ENV{PATH}='c:\\windows'; $string='original'; $string=$1 i +f $ARGV[0] =~ /([a-zA-Z]+)/; system qq(notepad.exe $string) and die $ +!" perl -T -e "$ENV{PATH}='c:\\windows'; $string='original'; $string=$1 i +f $ARGV[0] =~ /([a-zA-Z]+)/; system qq(notepad.exe $string) and die $ +!" foo perl -T -e "$ENV{PATH}='c:\\windows'; $string=$ARGV[0]; $string =~ s +/ //g; system qq(notepad.exe $string) and die $ +!" perl -T -e "$ENV{PATH}='c:\\windows'; $string=$ARGV[0]; $string =~ s +/ //g; system qq(notepad.exe $string) and die $ +!" foo

Only the last command generates the error message: Insecure dependency in system while running with -T switch at -e line 1.. The first two commands illustrate how to untaint a parameter, the last two commands are doing what I think you describe.

--MidLifeXis


Comment on Re: Taint mode limitations
Select or Download Code

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://1002003]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others scrutinizing the Monastery: (11)
As of 2014-10-21 20:12 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    For retirement, I am banking on:










    Results (110 votes), past polls