> > my ($untainted, $params) = $binary =~ /^(\S+)\s*(.*)$/; > > > > open(CPW,"|$untainted $params 3<&0");
What exactly is our security policy wrt trusting our configuration files?
This seems like a case where the best would be to have the plugin
look for checkpassword in /var/qmail/bin (for historic reasons) and
document which source file to touch if yours is elsewhere.
We could build a true if we can't find true with `which true`
my $true = 'sh -c exit'
