Beefy Boxes and Bandwidth Generously Provided by pair Networks
Perl: the Markov chain saw
 
PerlMonks  

perl -T script.pl and #!/usr/bin/perl -T conflict

by ichimunki (Priest)
on Jan 24, 2001 at 23:22 UTC ( #54086=perlquestion: print w/ replies, xml ) Need Help??
ichimunki has asked for the wisdom of the Perl Monks concerning the following question:

I have a script that has -T on the hashbang line. I normally call it using the Unix method ./script.pl (having chmod 7**'ed it). No problem.

The same script generates a taint error at line 1 when executed using "perl script.pl". This stops the program before it gets started. Everything goes back to normal when using "perl -T script.pl" to execute. But this is less than ideal. I don't want everyone who might use the script to have to learn to use the -T switch when executing.

Is there a way to ensure taint checking without having to explicitly explain this to potential users?

Comment on perl -T script.pl and #!/usr/bin/perl -T conflict
Replies are listed 'Best First'.
perl T-shirt and #!/usr/bin/perl -T conflict
by dws (Chancellor) on Jan 25, 2001 at 07:45 UTC
    When I first saw this thread in Newest Nodes, I misread it as
    perl T-shirt and #!/usr/bin/perl -T conflict
    (I'd recently seen jima's note about the nifty Camel T-shirt, and probably hadn't had enough sleep.)

    But I wonder, doesn't a t-shirt that reads

    #!/usr/bin/perl -w use strict;
    cover only two of the four most common bits of advice handed out here? Wouldn't a truly monastery-compliant t-shirt begin
    #!/usr/bin/perl -Tw use strict; use CGI; # don't reinvent the wheel
    And then, on the back
    (*)++ ( )-- ( )+= 0
      Unless things were very different back then, I'm wondering how ()+= 0 is monastary-compliant.

      --
      Linux, sci-fi, and Nat Torkington, all at Penguicon 3.0
      perl -e 'print(map(chr,(0x4a,0x41,0x50,0x48,0xa)))'
Re: perl -T script.pl and #!/usr/bin/perl -T conflict
by rlk (Pilgrim) on Jan 24, 2001 at 23:54 UTC
    Here's the simple solution.
    #!/usr/bin perl -w print "Script started\n"; eval { exec("perl -wT $0") #Only works if taint mode off }; print "Now we're in taint mode!\n";
    Unfortunately, if your script is suid, this has a gaping security hole, as you've just executed an arbitrary program as root. (Was it /usr/bin/perl as you were expecting, or was it /home/l33t_hax0r/bin/perl? With an insecure $ENV{PATH}, you'll never know.)

    Here's a version that fixes that particular hole

    #!/usr/bin perl -w print "Script started\n"; eval { $ENV{PATH}, exec("/path/to/perl -wT $0") #Only works if ta +int mode off }; print "Now we're in taint mode!\n";
    Eliminating the "useless use of a hash element in void context" message is left as an exercise for the reader. (Hint: look at the is_tainted function example in perlsec)

    --
    Ryan Koppenhaver, Aspiring Perl Hacker
    "I ask for so little. Just fear me, love me, do as I say and I will be your slave."

Re: perl -T script.pl and #!/usr/bin/perl -T conflict
by KM (Priest) on Jan 24, 2001 at 23:34 UTC
    I assume you mean the 'Too late for "-T" option at script.pl line 1.' error. This happens because you have run perl without -T, then when it examines the #! line and sees -T, it realizes you want tainting, but it is too late. You need to make sure -T is passed when using 'perl script.pl'. I know of no way around this, as opposed to aliasing 'perl' with 'perl -T' or some similar lunacy.

    Cheers,
    KM

      Neat related idea (and you know, I have princepawn to thank for making me think about this in the first place) -- you could also have a batch file (as you explained in the CB, you're worried about porting to win32), that calls perl.exe -T %1 (or however that's done =), call it (say) perlrun.bat, stick it in your PATH, and call the script as perlrun script.pl

      Philosophy can be made out of anything. Or less -- Jerry A. Fodor

Re: perl -T script.pl and #!/usr/bin/perl -T conflict
by arturo (Vicar) on Jan 24, 2001 at 23:29 UTC

    I'd just chmod 0755 script.pl so they can all execute it via a simple /path/to/script.pl , then tell 'em *NOT* to run it through the interpreter from the command-line unless they know what they're doing. The message you're getting is probably "Too late for -T switch". I don't think there is any way around this behavior, but if there is, I'm sure someone else who frequents this site does =)

    Philosophy can be made out of anything. Or less -- Jerry A. Fodor

Re: perl -T script.pl and #!/usr/bin/perl -T conflict
by japhy (Canon) on Jan 24, 2001 at 23:46 UTC

      <bad humour> If 'tain't perl, shouldn't that be alias taintperl 'ruby -T' ? </bad humour>

          --k.


Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: perlquestion [id://54086]
Approved by root
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others wandering the Monastery: (9)
As of 2015-07-08 05:04 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    The top three priorities of my open tasks are (in descending order of likelihood to be worked on) ...









    Results (94 votes), past polls