Beefy Boxes and Bandwidth Generously Provided by pair Networks
Keep It Simple, Stupid

Re: Taint mode limitations

by MidLifeXis (Monsignor)
on Nov 02, 2012 at 16:04 UTC ( #1002003=note: print w/ replies, xml ) Need Help??

in reply to Taint mode limitations

Note the difference between the following (assuming windows, adjust system as necessary).

perl -T -e "$ENV{PATH}='c:\\windows'; $string='original'; $string=$1 i +f $ARGV[0] =~ /([a-zA-Z]+)/; system qq(notepad.exe $string) and die $ +!" perl -T -e "$ENV{PATH}='c:\\windows'; $string='original'; $string=$1 i +f $ARGV[0] =~ /([a-zA-Z]+)/; system qq(notepad.exe $string) and die $ +!" foo perl -T -e "$ENV{PATH}='c:\\windows'; $string=$ARGV[0]; $string =~ s +/ //g; system qq(notepad.exe $string) and die $ +!" perl -T -e "$ENV{PATH}='c:\\windows'; $string=$ARGV[0]; $string =~ s +/ //g; system qq(notepad.exe $string) and die $ +!" foo

Only the last command generates the error message: Insecure dependency in system while running with -T switch at -e line 1.. The first two commands illustrate how to untaint a parameter, the last two commands are doing what I think you describe.


Comment on Re: Taint mode limitations
Select or Download Code

Log In?

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://1002003]
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others imbibing at the Monastery: (4)
As of 2015-11-28 12:51 GMT
Find Nodes?
    Voting Booth?

    What would be the most significant thing to happen if a rope (or wire) tied the Earth and the Moon together?

    Results (741 votes), past polls