> > Hi everybody,
> >
> > I'm having trouble with setting the path to my sendmail program when
> using the -T switch. It's a simple script that creates a
> from, asks for an email adresse and sends an answer after the
> form was submitted. I keep getting the following error
> message although I've set the $ENV{'PATH'} in the script. Can
> anyone help?
> >
> > Error message:
> > Insecure directory in $ENV{PATH} while running with -T switch at
> /usr/local/httpd/cgi-bin/subscribe.pl line 45.
> >
> > Here is a part of the code
> > ________snippet______
> >
> > #!/usr/bin/perl -wT
> > #Pull in modules, create form etc.
> >
> >
> > sub send_mail {
> > my $a = shift;
> > $a = check($a); #sub that check's the email adress
> > print ("Thank your for ordering our Newsletter.");
> > $ENV{'PATH'} = "|/usr/sbin/sendmail -oi -t -odq";
> > open(SENDMAIL, "$ENV{'PATH'}") or die "Can't fork for sendmail:
> $!\n"; print SENDMAIL <<"FILE";
> > From: JUVE Newsline <[EMAIL PROTECTED]>
> > To: <$a>
> > .
> > .etc
> >
> > }
> > _____Snippet______
>
> You haven't shown us where you are untainting $ENV{'PATH'}...
> I assume you have read perldoc taint ??
I'm not explicitly untainting $ENV{'PATH'}. As far as I understood
Programming Perl setting the path is enough, but apparently it is not. I
thought only data has to be untained?
>
> How about not shelling out to sendmail in the above manner at
> all, and instead use a module to send your messages? There
> are many available and unless you are a Sendmail pro you
> shouldn't bother with it directly.
I would love to use Mail::Mailer or MimeLite but we are having a bit of
trouble with our ISP and it's always a bit of a hassle to get CPAN
Modules installed.
Marcus
http://danconia.org
--
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
<http://learn.perl.org/> <http://learn.perl.org/first-response>
