You are using perl -T. $messnum is not untainted, because you get it on
the command line or whatever, which perl doesn't like in taint mode in
a
SUID root program (it might contain for instance
../../../etc/password).
The C program preventing you from doing this is /usr/bin/perl.
I assume:
$msg = $messnum + 0;
or:
$messnum ~= /^(\d+)$/;
then:
$msg = $1;
open FOO, "> /var/qmail/queue/$msg";
would work.
-Sincerely, Fred
(Frederik Lindberg, Infectious Diseases, WashU, St. Louis, MO, USA)
- Please Help: Concerning Qmail Footers. (fwd) Masuo Jeff Gates
- Re: Please Help: Concerning Qmail Footers. (fwd) Masuo Jeff Gates
- Re: Please Help: Concerning Qmail Footers. (fwd) Magnus Bodin
- Fred Lindberg
