On 10/23/07, anders <[EMAIL PROTECTED]> wrote:
> I have a program witch calls a test program i PERL
> The testa prorgam gets a filname and parameters in
> Ans supose to just write data to a output file
> But i get an error saying
> "Insecure dependency in open while running setuid at"
I'm not sure what you're trying to say. If you don't speak English
well, please feel free to ask your question in a language that you're
fluent in.
Have you seen what the perldiag manpage has to say about that message?
It means that the open() function was given data from a
possibly-insecure source. That's probably a filename. If you're
getting the filename from the user, you'll need to extract it from a
pattern match, maybe something like this:
chomp(my $filename = <STDIN>);
if ($filename =~ /^(\w+)\z/) {
$filename = $1; # extracted data is considered safe
} else {
die "Disallowed characters in filename: '$filename'";
}
open FILE, $filename or die "Can't open '$filename': $!";
Good luck with it!
--Tom Phoenix
Stonehenge Perl Training
--
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
http://learn.perl.org/
