On Wed, Dec 27, 2000 at 12:53:37PM +0200, Peter Pentchev wrote:
> Btw, anybody reading this discussion - I tried the attached script with
> #!/usr/bin/perl -wT, and Perl died on the unlink() - "unsafe dependency".
> What gives?
$ man perldiag
[snip]
Insecure dependency in %s
(F) You tried to do something that the tainting
mechanism didn't like. The tainting mechanism is
turned on when you're running setuid or setgid, or
when you specify -T to turn it on explicitly. The
tainting mechanism labels all data that's derived
directly or indirectly from the user, who is
considered to be unworthy of your trust. If any such
data is used in a "dangerous" operation, you get this
error. See the perlsec manpage for more information.
[snip]
Note that a filename you get from readdir is (indirectly) from the
user, and unlink counts as dangerous.
Basically, you need to "untaint" $fname in OnePass before using it in
the unlink call; this is fairly trivial to do, and if you can't work it
out from perlsec(1), feel free to contact me off-list.
--
Mike Bristow, seebitwopie
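
The untainting step described in the reply above, as an added example that is not part of the original message or of Peter's script. The scratch directory, the file names and the allow-list pattern are assumptions made for the demo; only $fname, readdir and unlink come from the thread.

```perl
#!/usr/bin/perl -wT
# Added example: directory, file names and allow-list pattern are constructed
# for this demo and are not taken from the original script.
use strict;
use Scalar::Util qw(tainted);

# Scratch directory built only from constants and the PID, so it is untainted.
my $dir = "/tmp/taint-demo.$$";
mkdir $dir, 0700 or die "mkdir $dir: $!";
for my $name ('old.log', 'notes.txt', 'odd name;rm') {
    open my $fh, '>', "$dir/$name" or die "create $name: $!";
    close $fh;
}

# Return an untainted copy of $fname if it matches the allow-list, else undef.
# Only a regex capture clears the taint flag, so the pattern is the real check:
# no '/', no leading '.', nothing outside a small character set.
# A catch-all such as /(.*)/ would also untaint, and would check nothing.
sub untaint_fname {
    my ($fname) = @_;
    return $fname =~ /\A([A-Za-z0-9_][A-Za-z0-9_.-]*)\z/ ? $1 : undef;
}

opendir my $dh, $dir or die "opendir $dir: $!";
my @entries = grep { $_ ne '.' && $_ ne '..' } readdir $dh;
closedir $dh;

for my $fname (sort @entries) {
    printf "%-12s tainted=%d\n", $fname, tainted($fname) ? 1 : 0;

    # Passing the readdir result straight to unlink is fatal under -T.
    eval { unlink "$dir/$fname" };
    print "  raw unlink refused: $@" if $@;

    my $clean = untaint_fname($fname);
    if (!defined $clean) {
        print "  skipped: name not in allow-list\n";
        next;
    }
    unlink "$dir/$clean" or warn "  unlink $clean: $!\n";
    print "  removed via untainted name\n";
}

# Clean up the rejected file by its literal (untainted) name, then the directory.
unlink "$dir/odd name;rm";
rmdir $dir or warn "rmdir $dir: $!\n";
```

Run it directly or as perl -wT followed by the file name; perl refuses a -T that appears only on the #! line when the script is started through the perl command.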