On Wed, Dec 27, 2000 at 12:53:37PM +0200, Peter Pentchev wrote:
> Btw, anybody reading this discussion - I tried the attached script with
> #!/usr/bin/perl -wT, and Perl died on the unlink() - "unsafe dependency".
> What gives?

$ man perldiag
[snip]
       Insecure dependency in %s
           (F) You tried to do something that the tainting
           mechanism didn't like.  The tainting mechanism is
           turned on when you're running setuid or setgid, or
           when you specify -T to turn it on explicitly.  The
           tainting mechanism labels all data that's derived
           directly or indirectly from the user, who is
           considered to be unworthy of your trust.  If any such
           data is used in a "dangerous" operation, you get this
           error.  See the perlsec manpage for more information.
[snip]

Note that a filename you get from readdir is (indirectly) from the
user, and unlink counts as dangerous.

Basically, you need to "untaint" $fname in OnePass before using it in
the unlink call; this is fairly trivial to do, and if you can't work it 
out from perlsec(1), feel free to contact me off-list.

-- 
Mike Bristow, seebitwopie  
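A worked illustration of the untainting step described above, added here as an example and not part of the thread or of the script Peter attached. It assumes a routine named `one_pass` standing in for the OnePass routine under discussion (hypothetical), a trusted hard-coded directory path, and the demo directory `/tmp/example-scratch` (constructed for the example). The only thing that launders taint in Perl is a regular-expression capture, so the whole accept/reject decision is concentrated in one anchored pattern:

```perl
#!/usr/bin/perl -wT
use strict;
use warnings;
use Scalar::Util qw(tainted);

# perlsec asks for a sanitised environment under -T before anything that
# might consult PATH; unlink() does not, but it costs nothing to comply.
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};
$ENV{PATH} = '/bin:/usr/bin';

# Untaint a bare filename as returned by readdir(): accept only a
# conservative character set, anchored at both ends, so '/' and names
# made solely of dots can never pass.  Returns the untainted name, or
# undef when the name is rejected.  $1 from a successful match is not
# tainted even though $name is (perlsec).
sub untaint_basename {
    my ($name) = @_;
    return undef if $name eq '.' or $name eq '..';
    if ($name =~ /\A([A-Za-z0-9][A-Za-z0-9._-]{0,254})\z/) {
        return $1;
    }
    return undef;
}

# Hypothetical stand-in for the thread's OnePass: remove every regular
# file in $dir whose name passes untaint_basename().  $dir is assumed
# to be a trusted literal; a $dir taken from @ARGV or %ENV would itself
# need the same treatment before the unlink.
sub one_pass {
    my ($dir) = @_;
    opendir(my $dh, $dir) or die "opendir $dir: $!";
    my @entries = readdir($dh);   # every element is tainted under -T
    closedir($dh);

    my $removed = 0;
    for my $raw (@entries) {
        my $fname = untaint_basename($raw);
        if (!defined $fname) {
            warn "skipping entry that failed the filename check in $dir\n";
            next;
        }
        my $path = "$dir/$fname";
        next unless -f $path;         # regular files only
        # No "Insecure dependency" here: $fname came out of a capture.
        if (unlink($path)) {
            $removed++;
        } else {
            warn "unlink $path: $!\n";
        }
    }
    return $removed;
}

# Show the taint state before and after laundering, using an
# environment value (always tainted under -T) as the sample input.
unless (caller) {
    my $sample = defined $ENV{USER} ? $ENV{USER} : 'demo';
    printf "from %%ENV:      tainted=%d\n", tainted($sample) ? 1 : 0;
    my $clean = untaint_basename($sample);
    printf "after untaint: tainted=%d\n",
        (defined $clean && tainted($clean)) ? 1 : 0;

    my $dir = '/tmp/example-scratch';    # constructed demo directory
    if (-d $dir) {
        my $n = one_pass($dir);
        print "removed $n file(s) from $dir\n";
    }
}
```

Run it directly (`./untaint.pl`) or as `perl -T untaint.pl`; invoking it as `perl untaint.pl` produces "Too late for -T" because the switch on the `#!` line must agree with the command line. The design point is that the check rejects rather than escapes: a name that does not fit the pattern is skipped and logged, which is what you want from code that is about to call unlink on it.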


To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-hackers" in the body of the message
