in reply to Re^4: Using relative paths with taint mode
in thread Using relative paths with taint mode

That fails for a $0 of /tmp/script.cgi. Keep in mind that a caller can provide anything they want for $0; it doesn't need to have any relation to the script whatsoever. (While true for a binary executable, it's a bit different here...)

I think it's ok if you use $RealBin instead of $Bin (which you should be doing anyway[1]), but I wouldn't rule out me overlooking something.


  1. $Bin fails when the program is launched using a symlink.

Seeking work! You can reach me at ikegami@adaelis.com
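A sketch of the point made in the post above, added here as an example and not code from the thread: under taint mode, map `$RealBin` onto a fixed list of trusted directories rather than pattern-matching a path derived from `$0`. The install paths and the `trusted_dir` helper are hypothetical.

```perl
#!/usr/bin/perl -T
use strict;
use warnings;
use FindBin qw($RealBin);

# Assumed install locations (hypothetical paths, adjust to your deployment).
use constant TRUSTED_BIN_DIRS => ('/srv/app/bin', '/opt/app/bin');

# Hypothetical helper: map a tainted directory onto a trusted constant.
# Returns the matching constant (never the input string), so the result is
# untainted without a regex capture; returns nothing when no entry matches.
sub trusted_dir {
    my ($dir, @allowed) = @_;
    return unless defined $dir;
    for my $ok (@allowed) {
        return $ok if $dir eq $ok;
    }
    return;
}

my $lib_dir;
BEGIN {
    # $RealBin has symlinks resolved, so launching through a symlink still
    # yields the real install directory. A $0 of /tmp/script.cgi yields /tmp,
    # which is not in the list, and the script stops here.
    my $bin = trusted_dir($RealBin, TRUSTED_BIN_DIRS)
        or die "Refusing to run: script directory is not a trusted location\n";
    $lib_dir = "$bin/../lib";
}
use lib $lib_dir;

print "Loading modules from $lib_dir\n";
```

Because the value handed to `use lib` is always one of the constants, a caller-chosen `$0` can at most select between trusted directories or cause the script to abort.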