
Just another Perl shrine
	PerlMonks

Re: perlsec question

by Rhandom (Curate)

on Dec 13, 2001 at 22:02 UTC ( [id://131817]=note: print w/replies, xml )

Need Help??

This is an archived low-energy page for bots and other anonmyous visitors. Please sign up if you are a human and want to interact.

in reply to perlsec question

Another place that you can see it manifest is in the following script:

#!/usr/bin/perl -w -T

use strict;
print "hello ($0)\n";

#delete $ENV{$_} for qw(PATH BASH_ENV);
# may need to add more to list, PATH and BASH_ENV
# were all that drove my system crazy

exec "$1 foo"
  if ! @ARGV && $0 =~ m|^([\w\/\.]+)$|;
[download]

Save this into a file and try to run it. It will fail until you uncomment that line. Otherwise, you could be syscalling or execing using unsecure information in the PATH and BASH_ENV variables.

my @a=qw(random brilliant braindead); print $a[rand(@a)];

Comment on Re: perlsec question Download Code

In Section Seekers of Perl Wisdom

Domain Nodelet^?

www.com | www.net | www.org

Node Status^?

node history
Node Type: note [id://131817]
help

Sections^?

Information^?

Find Nodes^?

Leftovers^?

Notices^?

	• hippo	‥ epoptai's answer Re: how do I set a cookie and redirect was blessed by hippo!
	• erzuuli	‥ Anonymous Monks are no longer allowed to use Super Search, due to an excessive use of this resource by robots.