On Thu, 17 Feb 2000, I wrote:

> Perl's tainting mechanism only comes into play if you are invoking an
> external command in some way: via system, exec, backticks, or opening a
> filehandle to or from a pipe. For example,

I need to correct myself here, before Randall does it for me. :)

Perl's tainting mechanism will also come into play when opening a
filehandle for writing:

[bsides@koala /tmp]$ cat splort.pl
#!/usr/bin/perl -T
$ENV{PATH}=''; # we need a safe path
$ENV{BASH_ENV}=''; # and a safe bash env
open(PW, ">$ARGV[0]") or die $!;
print PW "splort\nsplort\nsplort\n";
__END__
[bsides@koala /tmp]$ ./splort.pl splort
Insecure dependency in open while running with -T switch at ./splort.pl line 4.

-- 
Brock Sides
Unix Systems Administration
Towery Publishing
bsidesat_private
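
One way to get the script above past the taint check is to validate the file name and untaint it through a regex capture before the open. This is an added example, not part of the original post; the `untaint_filename` helper and its allow-list pattern are assumptions chosen for illustration.

```perl
#!/usr/bin/perl -T
# Added example (not from the original post): validate and untaint a
# file name taken from @ARGV before opening it for writing under -T.
use strict;
use warnings;

$ENV{PATH} = '';                            # same cleanup as the post
delete @ENV{qw(BASH_ENV ENV IFS CDPATH)};   # drop shell-affecting variables

# Hypothetical policy: a bare file name with no directory part, made of
# letters, digits, '.', '_' and '-', starting with a letter, digit or '_',
# and at most 64 characters long.
sub untaint_filename {
    my ($name) = @_;
    return unless defined $name;
    # Data captured by a successful match ($1) is not tainted, so the
    # pattern itself is the security check: keep it an allow-list and
    # anchor it with \A and \z so a trailing newline cannot slip through.
    if ($name =~ /\A([A-Za-z0-9_][A-Za-z0-9._-]{0,63})\z/) {
        return $1;
    }
    return;
}

my $file = untaint_filename($ARGV[0]);
defined $file
    or die "usage: $0 FILE (file name missing or rejected)\n";

# Three-argument open keeps the mode separate from the name, so the name
# can never be interpreted as a mode or pipe specifier.
open(my $pw, '>', $file) or die "open $file: $!";
print {$pw} "splort\nsplort\nsplort\n";
close($pw) or die "close $file: $!";
```

A name such as `splort` is accepted and written in the current directory, while `../splort` or `splort|` is rejected by the pattern before open is ever reached.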