
Re: Re: So, now what are taints?

by matija (Priest)
on Mar 29, 2004 at 05:54 UTC

in reply to Re: So, now what are taints?
in thread So, now what are taints?

You are forgetting to mention that there are actually two pieces of data there that need untainting: one is the domain parameter obtained from the CGI, but the other is the PATH of your program. If you use backticks like that, and don't set up your PATH explicitly, perl -T will complain.

That appears not to make sense in a CGI environment, but it makes a lot of sense when you're writing setuid root scripts that can be run from the command line.
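An added example, not taken from this post or from cLive's article, showing both pieces matija names under perl -T: the domain parameter is untainted by matching it against a strict pattern and keeping only the capture, and $ENV{PATH} is set explicitly (with the other shell-affecting variables cleared, as perlsec recommends) before backticks are used. It assumes a `host` command in the trusted PATH and, since the post mentions command-line use, takes the domain from @ARGV instead of a CGI parameter.

```perl
#!/usr/bin/perl -T
use strict;
use warnings;
use Scalar::Util qw(tainted);

# Under -T every environment variable is tainted, so backticks and system()
# die with "Insecure $ENV{PATH}" until PATH is replaced with a trusted,
# explicit value. IFS, CDPATH, ENV and BASH_ENV can also influence the shell
# that backticks start, so they are removed as well.
$ENV{PATH} = '/usr/bin:/bin';
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};

# Untaint a hostname: only data copied out of a regex capture loses its
# taint, so the pattern must describe exactly what is acceptable. Anything
# that does not match is rejected rather than passed to the shell.
sub untaint_domain {
    my ($raw) = @_;
    return unless defined $raw;
    my $label = qr/[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?/i;
    if ($raw =~ /\A($label(?:\.$label)+)\z/) {
        return $1;    # the capture group is untainted
    }
    return;
}

# Command-line argument standing in for the CGI 'domain' parameter;
# 'example.com' is a constructed default for this example.
my $raw_domain = defined $ARGV[0] ? $ARGV[0] : 'example.com';
my $domain = untaint_domain($raw_domain)
    or die "Refusing to use untrusted domain parameter\n";

# Both pieces of data have to be clean before the backticks below will run.
die "domain is still tainted\n" if tainted($domain);
die "PATH is still tainted\n"   if tainted($ENV{PATH});

my @output = `host $domain`;
print @output;
```

Run it with a value such as `example.com;id` to see the domain rejected before any shell is involved, and comment out the $ENV{PATH} line to see the "Insecure $ENV{PATH}" error that the post describes.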

Re: Re: Re: So, now what are taints?
by cLive ;-) (Prior) on Mar 29, 2004 at 06:08 UTC
    Indeed. Sorry - but it is mentioned in the article I linked to that I wrote on untainting :)

    cLive ;-)
