Adam Jimerson wrote:
Gunnar Hjalmarsson wrote:
Adam Jimerson wrote:
are you using the -T switch on your
script? When I tried to open "/usr/bin/mail" with that switch on I get a
error message about an insecure environment command.
Did it just say "insecure environment"? On my box it says: "Insecure
$ENV{PATH} ...", which means that you need to untaint the $ENV{PATH}
variable. The easiest way to do that is:
$ENV{PATH} = '';
Please read more about Perl security in "perldoc perlsec".
I wasn't able to remember what it exactly said, but yes it is about
$ENV{PATH}, on my machine perldoc perlsec is riddled with formating problems
You can always read it online: http://perldoc.perl.org/perlsec.html
Do I need to specify anything for the $ENV{PATH} or do I just leave it
blank
It depends. You have to take into consideration whether your program
relies on any of the paths. If not, it's fine to leave it blank.
--
Gunnar Hjalmarsson
Email: http://www.gunnar.cc/cgi-bin/contact.pl
--
To unsubscribe, e-mail: beginners-cgi-unsubscr...@perl.org
For additional commands, e-mail: beginners-cgi-h...@perl.org
http://learn.perl.org/
