in reply to Re: Safely capturing the output of an external program
in thread Safely capturing the output of an external program
Untainting might work though; if the filename matches, say, q/^[A-Za-z0-9]+\.tfm$/, it's probably safe to pass it through any shell. But I've never liked that approach, and "probably" is a dangerous word.
In Section Seekers of Perl Wisdom