Beefy Boxes and Bandwidth Generously Provided by pair Networks
"be consistent"
 
PerlMonks  

Re: Trojan Horse? (taint mode)

by chromatic (Archbishop)
on Nov 25, 2001 at 23:15 UTC ( #127406=note: print w/replies, xml ) Need Help??


in reply to Trojan Horse? (taint mode)

ph3@r:

print "$\{system('echo \"hello\"')}";

Yet fear not so much:

chomp(my $input = <STDIN>); print "$input\n";
Feed this one the shell command above (a nice variable dereferencing scheme) and it'll print out literally.

Unless you're doing hazardous things with string eval, you're probably safe.

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://127406]
help
Chatterbox?
[1nickt]: marioroy Yes, I am using it with MCE, as is Discipulus I believe. I was trying to work out how to make a cpanfile that would be smart enough to know which deps to require.
[1nickt]: See this code. (I expected to simply eval loading threads as a check, but weirdness happened with Perlbrew so it's a grep of -V ...)
[choroba]: Config might be better than grepping -V
[Corion]: Also see Config::V, which is less of that hackery, or that hackery hidden in a module ;)
[1nickt]: The problem was with Perlbrew
[Corion]: Whoops - Config::Perl::V
[1nickt]: I found that when using Perlbrew as recommended, with cpanminus in the system perl lib, such tests were failing to detect the data about the perl that was the install destination.

How do I use this? | Other CB clients
Other Users?
Others imbibing at the Monastery: (11)
As of 2017-10-18 15:35 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?
    My fridge is mostly full of:

















    Results (249 votes). Check out past polls.

    Notices?