Change 18260 by rgs@rgs-home on 2002/12/08 20:14:57
Document that $ENV{TERM} may produce taint failures.
Subject: Re: [perl #18717] spurious failures in regression test
From: Slaven Rezic <[EMAIL PROTECTED]>
Date: 29 Nov 2002 22:11:46 +0100
Message-ID: <[EMAIL PROTECTED]>
Affected files ...
.... //depot/perl/pod/perldiag.pod#324 edit
Differences ...
==== //depot/perl/pod/perldiag.pod#324 (text) ====
Index: perl/pod/perldiag.pod
--- perl/pod/perldiag.pod#323~18233~ Mon Dec 2 12:03:09 2002
+++ perl/pod/perldiag.pod Sun Dec 8 12:14:57 2002
@@ -1807,9 +1807,9 @@
(F) You can't use system(), exec(), or a piped open in a setuid or
setgid script if any of C<$ENV{PATH}>, C<$ENV{IFS}>, C<$ENV{CDPATH}>,
-C<$ENV{ENV}> or C<$ENV{BASH_ENV}> are derived from data supplied (or
-potentially supplied) by the user. The script must set the path to a
-known value, using trustworthy data. See L<perlsec>.
+C<$ENV{ENV}>, C<$ENV{BASH_ENV}> or C<$ENV{TERM}> are derived from data
+supplied (or potentially supplied) by the user. The script must set
+the path to a known value, using trustworthy data. See L<perlsec>.
=item Integer overflow in %s number
End of Patch.
