
"be consistent"
	PerlMonks

Re: eval $fh while setuid...

by melguin (Pilgrim)

on Aug 03, 2001 at 18:54 UTC ( [id://102096]=note: print w/replies, xml )

Need Help??

This is an archived low-energy page for bots and other anonmyous visitors. Please sign up if you are a human and want to interact.

in reply to eval $fh while setuid...

Perhaps something like the following would work:

sub _read_config {
    my $tainted_fh = FileHandle->new("Config_filename", "r");
    if ($tainted_fh -~ /^(.+)$/) { my $fh = $1 }
    eval <$fh>;
    die "Config_filename improperly formatted:\n$@" if ($@);
    $fh->close();
}
[download]

NOTE: leaving the "/^(.+)$/" like that is BAD, BAD, BAD. Make it more specific.

Comment on Re: eval $fh while setuid... Download Code

In Section Seekers of Perl Wisdom

Domain Nodelet^?

www.com | www.net | www.org

Node Status^?

node history
Node Type: note [id://102096]
help

Sections^?

Information^?

Find Nodes^?

Leftovers^?

Notices^?

	• hippo	‥ epoptai's answer Re: how do I set a cookie and redirect was blessed by hippo!
	• erzuuli	‥ Anonymous Monks are no longer allowed to use Super Search, due to an excessive use of this resource by robots.