PerlMonks  

Re^4: One true regexp for untainting windows filenames?

by jaldhar (Vicar)
on Jan 09, 2009 at 19:42 UTC (#735283)


in reply to Re^3: One true regexp for untainting windows filenames?
in thread One true regexp for untainting windows filenames?

To make them safe for what? For most applications, untaint_path might remove the taint flag, but it doesn't make sure they're safe first.

Safe to use in qx//; in taint mode. Earlier, I set $ENV{PATH} to q{}. This means I need to use complete paths to every file or command I use and they need to be untainted to prevent the 'insecure dependency' error.

I had forgotten about argv[0]. Now you have led me to realize that running under -T will not really be buying me anything here without additional checking.

Hopefully this conversation will remind others to not complacently assume untainted eq secure if nothing else.

--
જલધર


Re^5: One true regexp for untainting windows filenames?
by ikegami (Pope) on Jan 09, 2009 at 19:59 UTC

    Safe to use in qx//; in taint mode

    In such general terms, it's impossible. You can make it so qx// doesn't croak, but you can't make it safe. Need more info.
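
An added example, not code from either poster: it contrasts a blanket untaint, which only clears the taint flag, with an allowlist untaint that validates one narrow case (a bare file name inside a fixed directory) before building the full path. The directory `$BASE`, both function names and the sample inputs are hypothetical and constructed for illustration; run it with `perl -T` to see that both results pass the taint check even though only one was validated.

```perl
use strict;
use warnings;

# Hypothetical base directory; only files directly inside it are accepted.
my $BASE = 'C:\\data\\reports';

# Blanket untaint: clears the taint flag for any input and checks nothing.
sub untaint_blindly {
    my ($s) = @_;
    return $s =~ /\A(.*)\z/s ? $1 : undef;
}

# Allowlist untaint: accepts a bare file name only, returns the full path.
sub untaint_report_name {
    my ($name) = @_;
    return undef unless defined $name && length $name <= 64;
    # Letters, digits, '_' and '-', then one dot and a short extension.
    # This excludes path separators, drive/stream colons, "..", spaces,
    # quotes and shell metacharacters such as & | < > ^ %.
    return undef unless $name =~ /\A([A-Za-z0-9_-]+\.[A-Za-z0-9]{1,8})\z/;
    my $clean = $1;    # captured text is untainted under -T
    # Reserved device names can stay special even with an extension.
    return undef if $clean =~ /\A(?:CON|PRN|AUX|NUL|COM[1-9]|LPT[1-9])\./i;
    return "$BASE\\$clean";
}

# Constructed sample inputs.
my @samples = (
    'q3-summary.txt',
    '..\\..\\other.txt',
    'a.txt & echo x',
    'NUL.txt',
    'notes.txt:stream',
);

for my $in (@samples) {
    my $blind   = untaint_blindly($in);
    my $checked = untaint_report_name($in);
    printf "%-18s blind=<%s> checked=%s\n",
        $in, $blind, defined $checked ? $checked : 'REJECTED';
}
```

Only the first sample yields a path from `untaint_report_name`; `untaint_blindly` returns all five unchanged.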
