On Sat, 8 Sep 2001, Philippe M . Chiasson wrote:

> Small patch to suppress an annoying taint warning

Philippe, please inline the patches, so we could comment on these.

> And btw, this isn't safe at all, is it? It's just bypassing the
> taint checking... Should it be fixed or what?

According to the perlsec manpage this is what should be done:

           $ENV{'PATH'} = '/bin:/usr/bin';
           delete @ENV{'IFS', 'CDPATH', 'ENV', 'BASH_ENV'};

hence in this particular case the patch should be:

  local %ENV;
  delete @ENV{ qw(PATH IFS CDPATH ENV BASH_ENV) };

_____________________________________________________________________
Stas Bekman              JAm_pH     --   Just Another mod_perl Hacker
http://stason.org/       mod_perl Guide  http://perl.apache.org/guide
mailto:[EMAIL PROTECTED]   http://apachetoday.com http://eXtropia.com/
http://singlesheaven.com http://perl.apache.org http://perlmonth.com/
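
An added example, not part of the original message: a standalone script showing the taint check that produces the warning discussed above, and the perlsec cleanup confined to one scope with `local`. It assumes a Unix-like host with `/bin/echo` and perl 5.12 or later (for `delete local`); the sub names are hypothetical.

```perl
#!/usr/bin/perl -T
# Added example, not from the original thread. Run as: perl -T taint_env.pl
# Assumes a Unix-like host where /bin/echo exists (constructed test command).
use strict;
use warnings;
use Scalar::Util qw(tainted);

# Spawn a fixed command. Under -T Perl inspects %ENV before any exec,
# even when the program is given as an absolute path in list form.
sub spawn {
    my $rc = eval { system('/bin/echo', 'child ran') };
    return "ok (wait status $rc)" if defined $rc;
    (my $err = $@) =~ s/\s+\z//;
    return "refused: $err";
}

# Child inherits whatever environment the caller passed in.
sub spawn_inherited { return spawn() }

# Same spawn, with the perlsec cleanup limited to this sub's dynamic scope.
sub spawn_cleaned {
    local $ENV{PATH} = '/bin:/usr/bin';               # known-good literal
    delete local @ENV{qw(IFS CDPATH ENV BASH_ENV)};   # restored on return
    return spawn();
}

sub path_state { return tainted($ENV{PATH}) ? 'tainted' : 'clean' }

print "PATH before:   ", path_state(),      "\n";
print "inherited env: ", spawn_inherited(), "\n";
print "cleaned env:   ", spawn_cleaned(),   "\n";
# local has put the caller's original values back at this point, so later
# code that execs without its own cleanup is still checked by taint mode.
print "PATH after:    ", path_state(),      "\n";
```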


