Paul Archer wrote on 30.04.2004:
>Tomorrow, Jan Eden wrote:
>
>>Hi all,
>>
>>I wrote a little form mail script and start by setting the
>>environment variables like this:
>>
>>BEGIN { $ENV{PATH} = "/usr/sbin"; delete @ENV{ qw( IFS CDPATH ENV
>>BASH_ENV) };
>>}
>>
>Why are you deleting these variables?
>
Security. I read that restricting the environment variables makes some hacker tasks
more difficult.
>
>>Now the actual directory (.) is obviously not searched anymore, since
>>
>>my $page_head = eval do('page_head.pl');
>>
>>returns an empty $page_head while
>>
>>my $page_head = eval do('./page_head.pl');
>>
>>fills it with the appropriate content.
>>
>>Commenting the BEGIN block above and printing $ENV{PATH} gives me:
>>
>>/bin:/sbin:/usr/bin:/usr/sbin:/usr/libexec:/System/Library/
>>/CoreServices
>>
>>I cannot see the current working directory in that list (but I admit
>>that I am not used to environment variables at all).
>>
>>Can someone tell me how to restrict $ENV{PATH} but keep the script's
>>ability to see something in its own directory?
>>
>What OS, shell, and version of Perl are you using? On Linux with
>bash, and running Perl 5.8.0, I can't reproduce this.
>
Mac OS 10.3.3, bash, 5.8.1.
Thanks,
Jan
--
These are my principles and if you don't like them... well, I have others. - Groucho
Marx
--
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
<http://learn.perl.org/> <http://learn.perl.org/first-response>
