Text File  |  1992-12-23  |  1.1 KB  |  32 lines

Newsgroups: comp.lang.perl
Path: sparky!uunet!timbuk.cray.com!hemlock.cray.com!roehrich
From: roehrich@cray.com (Dean Roehrich)
Subject: Re: setuid question
Message-ID: <1992Dec23.172428.8929@hemlock.cray.com>
Lines: 20
Nntp-Posting-Host: fig36
Organization: Cray Research, Inc.
References: <1992Dec23.211810.9925@uvaarpa.Virginia.EDU> <1992Dec23.213406.22114@porthos.cc.bellcore.com>
Date: 23 Dec 92 17:24:27 CST

In article <1992Dec23.213406.22114@porthos.cc.bellcore.com> rdm2@donner.cc.bellcore.com (mcburnett,roe d) writes:
>In article <1992Dec23.211810.9925> gaspar@st-louis-emh2.army.mil writes:
>>    1.  open(FOO,"ps ax|");
>>    2.  open(FOO,"-|") || exec 'ps -af';
>>
>>Taintperl keeps saying that my path is insecure.  Is there a way to do
>>this?  Thanks for the help.
>
>Try "/bin/ps ax|" instead.

You must go one step beyond this, actually.  Taintperl will not execute
another process while the PATH environment variable is tainted.  By using
absolute pathnames you really do not address the problem as far as taintperl
is concerned.

Add  $ENV{PATH}="some/suitable/path"
early in the script/program to untaint the path.

Dean Roehrich
roehrich@cray.com
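
The behaviour described in the reply above, as an added example that is not part of the original post: it uses Perl 5's `-T` switch (the successor to the separate taintperl binary) and shows the same `/bin/ps ax` piped open before and after `PATH` is assigned from a literal. The `/bin:/usr/bin` value, the `first_line` helper and the script name in the comment are assumptions for illustration.

```perl
#!/usr/bin/perl -T
# Added example, not from the original post. Perl 5 folded taintperl into the
# -T switch; run as: perl -T taint_path.pl  (file name is hypothetical)
use strict;
use warnings;

die "run with -T so taint checks are active\n" unless ${^TAINT};

# Run a command through a piped open and return its first output line,
# or the message Perl died with if the taint check refused the open.
sub first_line {
    my @cmd = @_;
    my $line = eval {
        # List form: the command is exec'd directly, no shell is involved.
        open(my $fh, '-|', @cmd) or die "cannot run $cmd[0]: $!\n";
        my $first = <$fh>;
        close($fh);
        $first // "(no output)\n";
    };
    return defined $line ? "ran:     $line" : "refused: $@";
}

# 1. Absolute command path, but PATH is whatever the caller's environment
#    supplied. The taint check looks at PATH itself, not at how the command
#    was named, so this open is refused when PATH came from the environment.
print first_line('/bin/ps', 'ax');

# 2. Assign PATH from a literal. The directories are an assumption; each
#    must be absolute and not writable by anyone but its owner and group.
$ENV{PATH} = '/bin:/usr/bin';

# Perl 5 also checks these variables, which influence shells it may spawn.
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};

# 3. Same command, now permitted.
print first_line('/bin/ps', 'ax');
```

In a setuid script the assignment belongs before any `open`, `system`, `exec` or backtick call, since each of them triggers the same environment check.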