Re: Insecure $ENV{PATH}



Panneer Selvan wrote:
Hi,

I am running a Perl program with the -T -W switches. While executing the system function, I am getting an error like Insecure $ENV{PATH} while running with -T switch at try.pl

Any idea of solving this problem?

The perlsec documentation (run "man perlsec" or "perldoc perlsec") has a section explaining how to make %ENV safer.


<quote_documentation>

The PATH isn’t the only environment variable which can cause problems.
Because some shells may use the variables IFS, CDPATH, ENV, and
BASH_ENV, Perl checks that those are either empty or untainted when
starting subprocesses. You may wish to add something like this to your
setid and taint-checking scripts.

delete @ENV{qw(IFS CDPATH ENV BASH_ENV)}; # Make %ENV safer

</quote_documentation>



- D.P.S


-- Douglas
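
The following is an added example, not part of the original thread or of perlsec. It shows the error from the question being raised under -T and then cleared by setting PATH to a literal value and deleting the variables the quoted documentation lists. The command /bin/echo, the PATH value /usr/bin:/bin and the helper name run_checked are assumptions made for the illustration.

```perl
#!/usr/bin/perl -T
# Added example. Run as: perl -T taint_env.pl   (file name is a placeholder)
use strict;
use warnings;
use Scalar::Util qw(tainted);

$| = 1;    # keep our output ordered with the child's output

# Hypothetical helper: run a command in list form (no shell involved) and
# report whether taint mode allowed it. Returns true on exit status 0.
sub run_checked {
    my ($label, @cmd) = @_;
    my $status = eval { system(@cmd) };    # taint violations die; catch them
    if ($@) {
        (my $why = $@) =~ s/ at .*//s;     # drop the "at FILE line N." suffix
        print "$label: refused by taint mode: $why\n";
        return 0;
    }
    if ($status == -1) {
        print "$label: could not start command: $!\n";
        return 0;
    }
    print "$label: ran, exit status ", $status >> 8, "\n";
    return $status == 0;
}

# Assumption: /bin/echo exists on this system.
my @cmd = ('/bin/echo', 'hello from the child process');

# 1. Inherited environment. PATH came from the caller, so it is tainted and
#    system() is refused even though the command path is absolute.
printf "PATH tainted before cleanup: %s\n", tainted($ENV{PATH}) ? 'yes' : 'no';
run_checked('inherited environment', @cmd);

# 2. Cleaned environment. A literal string in the program is not tainted.
#    Every directory in it must be absolute and not writable by others.
$ENV{PATH} = '/usr/bin:/bin';
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};    # the line quoted from perlsec

printf "PATH tainted after cleanup:  %s\n", tainted($ENV{PATH}) ? 'yes' : 'no';
run_checked('cleaned environment', @cmd);
```

Any arguments that come from user input still have to be untainted separately before they are passed to system; cleaning %ENV only addresses the environment checks.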


