I just taint gettin' this taint thing. Please banish the darkness.
I've got a cgi program that makes a call to a homegrown package.
The homegrown package (I made successfully!) among several
things tried to run this:
$host = `hostname`;
and of course it failed with this message in apach
John,
Without attempting to answer your question (because I'm not sure I fully
comprehend the situation), you may also want to read the `perldoc perlsec`
security documentation. It has a paragraph specifically about insecure
paths. Not sure it's the answer for you, but it might be.
Regards,
Br
Thanks for the replies. The cookbook also suggested the below. This works
securely.
use POSIX qw(uname);
# uname() returns (sysname, nodename, release, version, machine)
($k, $h, $r, $v, $m) = uname();
$hostname = (uname)[1];   # nodename only
Brad Baxter <[EMAIL PROTECTED]> on 10/27/2003 01:29:42 PM
To:[EMAIL PROTECTED]
cc: (bcc:
The taint mechanism tries to protect you from data supplied by a
potentially hostile user. Such data can be trickily constructed to
cause your program to malfunction and provide said user with access to
which they are not entitled. You can ask perl to do taint checking at
any time, but it automat
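
An added example, not code from any poster in this thread: a taint-mode script that shows the backtick call being refused with the inherited PATH, the PATH cleanup that perlsec describes, and the POSIX uname() alternative mentioned above. The script name, the PATH directories and the hostname pattern are assumptions.

```perl
#!/usr/bin/perl -T
# Run as: perl -T taint_hostname.pl   (file name is hypothetical)
use strict;
use warnings;
use POSIX qw(uname);
use Scalar::Util qw(tainted);

# 1. Backticks with the inherited environment. Under -T perl refuses to
#    start a subprocess while $ENV{PATH} still holds the value it
#    received from outside, so the call dies before hostname runs.
my $out = eval { `hostname` };
print "inherited PATH: ", ($@ ? "refused: $@" : "ran\n");

# 2. The perlsec remedy: set PATH to fixed system directories and drop
#    the other variables a shell honours (assumes hostname lives in
#    /bin or /usr/bin).
$ENV{PATH} = '/bin:/usr/bin';
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};
chomp(my $raw = `hostname`);
print "fixed PATH: got '$raw', tainted=", (tainted($raw) ? 1 : 0), "\n";

# Command output is itself tainted. Untaint it by matching against the
# characters a hostname may contain and keeping only the capture.
my ($host) = $raw =~ /\A([A-Za-z0-9][A-Za-z0-9.-]{0,252})\z/
    or die "unexpected hostname output\n";

# 3. The approach from the thread: POSIX::uname() is a library call, so
#    no shell or PATH lookup is involved. Index 1 is the node name.
my $node = (uname())[1];
print "uname nodename: $node, untainted backtick result: $host\n";
```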