taint

Why doesn't a pipe open work under Perl's taint mode?

My original script is as follows: my $cmd = "dir"; open (H, "$cmd |"); my @result = <H>; close (H); print STDERR @result,"\n"; This script works fine. If I add the following line to the script, it fails to work: $ENV{"LD_LIBRARY_PATH"} = "/opt/VRTSsfmh/lib"; $ENV{PATH}="/usr/bin:/bin:/sbin:/usr/sbin"; delete @ENV{'IFS', 'CDPATH', 'ENV',...

What's a good Perl regex to untaint an absolute path?

Well, I tried and failed so, here I am again. I need to match my abs path pattern. /public_html/mystuff/10000001/001/10/01.cnt I am in taint mode etc.. #!/usr/bin/perl -Tw use CGI::Carp qw(fatalsToBrowser); use strict; use warnings; $ENV{PATH} = "bin:/usr/bin"; delete ($ENV{qw(IFS CDPATH BASH_ENV ENV)}); I need to open the same...

Perl's taint mode in PHP

Just wondering... is there a PHP equivalent to Perl's Taint Mode? I don't think there is, but thought I'd ask. ...

Is Perl's taint mode useful?

perl -T Do you use it? Does it help you to find security holes in your Perl scripts? ...

How do I set the taint mode in a perl script with a '#!/usr/bin/env perl'- shebang?

Hello, how do I set the taint mode in a perl script with a #!/usr/bin/env perl shebang? ...

taint-mode perl: preserve suid when running external program via system()

I'm trying to add a feature to a legacy script. The script is suid, and uses perl -T (taint mode: man perlsec), for extra security. The feature I need to add is implemented in Python. My problem is that I can't convince perlsec to preserve the suid permissions, no matter how much I launder the environment and my command lines. This is...

How can I invoke /sbin/iptables from a Perl CGI under taint mode?

When I invoke "sudo /sbin/iptables ..." in my Perl CGI scripts, I get the error: Insecure dependency in system while running with -T switch at usr/lib/perl5/vendor_perl/5.8.8/IPC/Run3.pm line 403 I tried to add "/sbin:/etc/sysconf:/etc/init.d" in $ENV{'PATH'} but still no success. Does anybody have any idea? ...