Hi, On Wed, Jan 22, 2003 at 07:03:27AM -0000, Sandeep Giri wrote: > > > Hi All, > In my PERL code,I am using user's input as command line argument for the > program being executed by System(). > Can user run command of his choice by giving malicious input? > Is PERL's -T (Taint mode) the solution for this? I do not have any experiences with tainted mode but maybe these lines will help: $filename=userinput(); $filenameq=quotemeta($filename); system("echo $filenameq"); $filename will be interpreted as single parameter. FBO
This archive was generated by hypermail 2b30 : Thu Jan 23 2003 - 09:31:12 PST