Craig A. Berry wrote:
On Dec 9, 2008, at 10:30 PM, John E. Malmberg wrote:
Tainting DCL$PATH has no effect on Perl on VMS.
But DCL$PATH will be used by DCL after invoking system() or backticks in
a manner very similar to how PATH is used on other systems. Tainting is
specifically designed to handle just such interactions with the outside
world.
That logical name is not currently used internal to Perl so it never
gets checked to see if it is tainted.
Opps, I only checked VMS.c
Check again:
$ search *.c dcl$path
******************************
D0:[CRAIG.perl]mg.c;1
if (s && klen == 8 && strEQ(ptr, "DCL$PATH")) {
do { /* DCL$PATH may be a search list */
******************************
D0:[CRAIG.perl]taint.c;1
char name[10 + TYPE_DIGITS(int)] = "DCL$PATH";
len = my_sprintf(name,"DCL$PATH;%d", i);
taint_proper("Insecure %s%s", "$ENV{DCL$PATH}");
taint_proper("Insecure directory in %s%s", "$ENV{DCL$PATH}");
******************************
D0:[CRAIG.perl]util.c;1
(!hasdir && my_trnlnm("DCL$PATH",tmpbuf,idx++)) )
It is still a TODO problem, with scratch directory set to world
writeable, those two tests cases are failing.
-John
[EMAIL PROTECTED]
Personal Opinion Only
