PerlMonks
Re: Re: #!$var/bin/perl

by PodMaster (Abbot)
on Mar 13, 2003 at 16:17 UTC (#242734)


in reply to Re: #!$var/bin/perl
in thread #!$var/bin/perl

How is it a security risk? You mean to tell me you don't control your own path? ;)


MJD says you can't just make shit up and expect the computer to know what you mean, retardo!
I run a Win32 PPM repository for perl 5.6x+5.8x. I take requests.
** The Third rule of perl club is a statement of fact: pod is sexy.


Re: Re: Re: #!$var/bin/perl
by hardburn (Abbot) on Mar 13, 2003 at 16:21 UTC

    Using relative links to executables is well known to be a security risk, because you have to assume that you might not be in control of $PATH. Notice that perl running under taint mode won't let you execute external programs until you assign $ENV{'PATH'}.

    ----
    Reinvent a rounder wheel.

    Note: All code is untested, unless otherwise stated

      I do not have to assume I might not be in control of $PATH if I know I am in absolute control of path.


      MJD says you can't just make shit up and expect the computer to know what you mean, retardo!
      I run a Win32 PPM repository for perl 5.6x+5.8x. I take requests.
      ** The Third rule of perl club is a statement of fact: pod is sexy.

        Sure, that's what you think. A main point of doing security is that you can never be absolutely sure. Ever.

        ----
        Reinvent a rounder wheel.

        Note: All code is untested, unless otherwise stated

Re: Re: Re: #!$var/bin/perl
by dragonchild (Archbishop) on Mar 13, 2003 at 16:24 UTC
    Actually, you cannot depend on anything in the environment, especially not the path. (Well, you can, until you start running financial applications over the web. Then, you can't.) All of that is considered tainted by -T.

    ------
    We are the carpenters and bricklayers of the Information Age.

    Don't go borrowing trouble. For programmers, this means Worry only about what you need to implement.

    Please remember that I'm crufty and crochety. All opinions are purely mine and all code is untested, unless otherwise specified.

      Yes I can. It's my computer. It doesn't matter if I'm running it from shell or via a web server, I still control everything, I can depend on my environment.


      MJD says you can't just make shit up and expect the computer to know what you mean, retardo!
      I run a Win32 PPM repository for perl 5.6x+5.8x. I take requests.
      ** The Third rule of perl club is a statement of fact: pod is sexy.

        If you can depend on your environment, there's no reason not to use a hardcoded path anyway.

        Abigail
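
A worked illustration of the two points made in this thread: hardburn's, that under taint mode perl refuses to run an external program until $ENV{PATH} has been assigned, and Abigail's, that if you trust the environment you may as well hardcode the program's path. This is an added example, not code posted by anyone in the thread. It assumes a Unix host with /bin/echo present, perl started with -T, and a PATH inherited from the calling shell; the try_run helper and the label strings are my own.

```perl
#!/usr/bin/perl -T
# Added example, not from the PerlMonks thread. Run as:  perl -T path_taint.pl
# Shows that under -T, system()/exec()/backticks croak with "Insecure $ENV{PATH}"
# while PATH is still the one inherited from the environment (tainted), even when
# the program is named by an absolute path, and what the fix looks like.
use strict;
use warnings;

# Assumption: /bin/echo exists on this host. Hardcoding the absolute path is the
# point Abigail makes; it does NOT by itself satisfy the taint check (see step 1).
my $PROG = '/bin/echo';

# Try to run $PROG with the current %ENV; report whether perl let it happen.
sub try_run {
    my ($label) = @_;
    my $ran = eval {
        system($PROG, "$label: ok") == 0 or die "exit status $?\n";
        1;
    };
    my $err = $@;
    chomp $err;
    printf "%-22s %s\n", $label, $ran ? 'ran' : "refused: $err";
    return $ran ? 1 : 0;
}

# 1. PATH inherited from the caller is tainted, so perl refuses to start ANY
#    child, absolute path or not: "Insecure $ENV{PATH} while running with -T switch".
try_run('inherited PATH');

# 2. The fix perlsec recommends: assign a fixed list of absolute, system-owned
#    directories (the literal is untainted) and drop the other variables that can
#    change how a sub-shell resolves commands.
$ENV{PATH} = '/bin:/usr/bin';
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};
try_run('explicit PATH');

# 3. An untainted PATH is still checked entry by entry. A relative entry (here
#    ".") or a directory writable by others is rejected with
#    "Insecure directory in $ENV{PATH}", because whoever can write there gets to
#    decide which "perl" or "ls" you actually execute.
$ENV{PATH} = '/bin:.';
try_run('PATH with "." entry');
```

Run it as `perl -T path_taint.pl` (starting it without -T makes perl die with "Too late for -T option" because of the shebang). The first call is refused even though /bin/echo is given by absolute path; the second runs; the third is refused because "." is not an absolute directory. The directory check is the attack the thread is arguing about: a PATH entry that someone else can write to lets them plant a lookalike binary, which is why taint mode treats the inherited PATH as untrusted until the program sets it.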
