Paul Archer wrote on 30.04.2004: >Tomorrow, Jan Eden wrote: > >>Hi all, >> >>I wrote a little form mail script and start by setting the >>environment variables like this: >> >>BEGIN { $ENV{PATH} = "/usr/sbin"; delete @ENV{ qw( IFS CDPATH ENV >>BASH_ENV) }; >>} >> >Why are you deleting these variables? > Security. I read that restricting the environment variables makes some hacker tasks more difficult. > >>Now the actual directory (.) is obviously not searched anymore, since >> >>my $page_head = eval do('page_head.pl'); >> >>returns an empty $page_head while >> >>my $page_head = eval do('./page_head.pl'); >> >>fills it with the appropriate content. >> >>Commenting the BEGIN block above and printing $ENV{PATH} gives me: >> >>/bin:/sbin:/usr/bin:/usr/sbin:/usr/libexec:/System/Library/ >>/CoreServices >> >>I cannot see the current working directory in that list (but I admit >>that I am not used to environment variables at all). >> >>Can someone tell me how to restrict $ENV{PATH} but keep the script's >>ability to see something in its own directory? >> >What OS, shell, and version of Perl are you using? On Linux with >bash, and running Perl 5.8.0, I can't reproduce this. >
Mac OS 10.3.3, bash, 5.8.1. Thanks, Jan -- These are my principles and if you don't like them... well, I have others. - Groucho Marx -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] <http://learn.perl.org/> <http://learn.perl.org/first-response>