Hi folks,

I have the following code which is part of a script running with -T on a
webserver:

<code>
# $user, $host, and $command are hard-coded further up in the script
sshopen2("[EMAIL PROTECTED]", *READER, *WRITER, $command)
    or die "Can't run command on my_box: $!\n";

while (<READER>) {
    chomp;

    if (/Account:(myacct\d{3})/) {
        $acct = $1;
    } elsif (/Password:(\d{8})/) {
        $passwd = $1;
    } else {
        warn "Received invalid data from SSH call\n";
    }
}
close READER;
</code>

When I run the script w/o the -T, it runs fine, without a peep. When I
add the -T, I get the following in the error.log:

Insecure dependency in exec while running with -T switch at
/usr/local/perl-5.8.7/lib/5.8.7/IPC/Open3.pm line 244.

According to perlsec, a way to untaint data is by "referencing
subpatterns from a regular expression", which I thought I was doing.

Can anyone shed some light on this?

as always, TIA!

richf 
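
The `Insecure dependency in exec` message is raised when the command is launched, before the `while` loop runs, so the captures in that loop only untaint the data read back from the remote side. The following is an added example, not part of the original post, that reports which values headed for an exec are tainted and untaints one by capture; the helper names, the host pattern and the `get_account` command are assumptions.

```perl
# Run as: perl -T taint_check.pl
use strict;
use warnings;
use Scalar::Util qw(tainted);

# Zero-length but tainted string: environment values are tainted under -T.
my $TAINT = substr(join('', %ENV), 0, 0);

# Set the environment variables perlsec names to known values before any exec.
$ENV{PATH} = '/usr/bin:/bin';
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};

# Return the names whose values are tainted, given name => value pairs.
sub tainted_names {
    my @pairs = @_;
    my @bad;
    while (my ($name, $value) = splice(@pairs, 0, 2)) {
        push @bad, $name if defined $value && tainted($value);
    }
    return @bad;
}

# Untaint by capture: only the text matched inside the parentheses is
# trusted, so the pattern is anchored and as narrow as the data allows.
# The allowed character set is an assumption for this example.
sub untaint_host {
    my ($raw) = @_;
    return unless defined $raw
        && $raw =~ /\A([A-Za-z0-9][A-Za-z0-9_.-]{0,62})\z/;
    return $1;
}

# Constructed inputs: a value that looks hard-coded but carries taint,
# and a plain literal (hypothetical command name).
my $raw_host = 'my_box' . $TAINT;
my $command  = 'get_account';

my @before = tainted_names(host => $raw_host, command => $command);
print "tainted before: ", (@before ? "@before" : "(none)"), "\n";

my $host = untaint_host($raw_host);
die "host failed validation\n" unless defined $host;

my @after = tainted_names(host => $host, command => $command);
print "tainted after:  ", (@after ? "@after" : "(none)"), "\n";
```

Calling `tainted_names` on every argument just before the `sshopen2` call shows which one the exec is rejecting.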
