On Sat, Sep 08, 2001 at 05:15:19PM +0800, Stas Bekman wrote:
> On Sat, 8 Sep 2001, Philippe M . Chiasson wrote:
>
> > Small patch to suppress an annoying taint warning
>
> Philippe, please inline the patches, so we could comment on these.

Sure thing, Stas. Will do that next time. Or do you prefer me to resend them all?

> > And btw, this isn't safe at all, is it? It's just bypassing the
> > taint checking... Should it be fixed or what?
>
> According to perlsec manpage this is what should be done:
>
> $ENV{'PATH'} = '/bin:/usr/bin';
> delete @ENV{'IFS', 'CDPATH', 'ENV', 'BASH_ENV'};
>
> hence in this particular case the patch should be:
>
> local %ENV;
> delete @ENV{ qw(PATH IFS CDPATH ENV BASH_ENV) };

Simple curiosity: what about non-Unix OSes?

> _____________________________________________________________________
> Stas Bekman JAm_pH -- Just Another mod_perl Hacker
> http://stason.org/ mod_perl Guide http://perl.apache.org/guide
> mailto:[EMAIL PROTECTED] http://apachetoday.com http://eXtropia.com/
> http://singlesheaven.com http://perl.apache.org http://perlmonth.com/
>
>
--
Philippe M. Chiasson <[EMAIL PROTECTED]>
Extropia's Resident System Guru
http://www.eXtropia.com/
When you rewrite a compiler from scratch, you sometimes fix
things you didn't know were broken.
-- Larry Wall
perl -e '$$=\${gozer};{$_=unpack(P26,pack(L,$$));/^Just Another Perl
Hacker!\n$/&&print||$$++&&redo}'
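
The perlsec cleanup quoted above, scoped to a single call so the caller's environment is untouched afterwards. This is an added example, not code from the thread or from the patch being discussed: `run_clean` is a hypothetical helper name, a Unix-like system with `/bin/true` is assumed, and `delete local` requires Perl 5.12 or later.

```perl
#!/usr/bin/perl -T
# Added illustration, not code from the thread or the patch under discussion.
# Assumptions: Unix-like system, /bin/true exists, Perl 5.12+ (delete local).
# Run as: perl -T thisfile.pl
use v5.12;
use strict;
use warnings;

# run_clean() is a hypothetical helper name.
sub run_clean {
    my @cmd = @_;
    # Localized changes: the caller's values come back when the sub returns.
    local $ENV{PATH} = '/bin:/usr/bin';
    delete local @ENV{qw(IFS CDPATH ENV BASH_ENV)};
    # List form of system() bypasses the shell.
    return system(@cmd) == 0;
}

my $path_before = $ENV{PATH} // '';

# With an inherited (tainted) PATH, taint mode dies instead of running the
# child, even though the command is given by absolute path.
my $ran = eval { system('/bin/true'); 1 };
print 'inherited env: ', ($ran ? "ran\n" : "refused: $@");

print 'cleaned env:   ', (run_clean('/bin/true') ? "ran\n" : "failed\n");

# The cleanup did not leak out of run_clean().
print 'caller PATH:   ',
    (($ENV{PATH} // '') eq $path_before ? "restored\n" : "changed\n");
```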