> does anybody know how to impose the taint ( -T ) mode in perl > in order to secure the usage of scripts ?
I wouldn't use the suggested replacements of the perl interpreter with a script, as that most likely will affect the Cobalt scripts. If that solution works at all. I once attempted something similar while I rewanted to renice all PERL scripts. And fell flat on my nose with that. For those scripts where you want to use tainting you could just change the first line of the respective script to this: #!/usr/bin/perl -T However, in order for the script(s) to still work the programmer must have taken into account that someone might attempt usage with taint checks enabled. If the programmer went the easy way and didn't properly predefine his variables and reuses 'em as he sees fit, then you'll run into script errors. Taint checks and usage of Use::Strict are sure ways to improve script security, but to implement them afterwards into an already finished script is usually a pain and you're better off with a complete rewrite from scratch. -- With best regards, Michael Stauber [EMAIL PROTECTED] Unix/Linux Support Engineer _______________________________________________ cobalt-security mailing list [EMAIL PROTECTED] http://list.cobalt.com/mailman/listinfo/cobalt-security
