http://qs321.pair.com?node_id=11134721


in reply to Re: Insecure CPAN module in taint mode
in thread Insecure CPAN module in taint mode

In your code you don't show how you set $ENV{PATH} to a fixed value - I would start with that...

That's because I don't!
Nowhere in my code have I set $ENV{PATH} so it is either part of the server configuration or it is set by another module. These are the ones I am using:

use DBI; use DBD::mysql; use Exporter; use Template; use MIME::Lite;

Update:
Printing $ENV{PATH} gives /usr/local/bin:/usr/bin:/bin

Replies are listed 'Best First'.
Re^3: Insecure CPAN module in taint mode
by marto (Cardinal) on Jul 06, 2021 at 20:07 UTC

    PATH_(variable), Env.

    marto@Marto-Desktop:~$ echo $PATH /home/marto/perl5/perlbrew/bin:/home/marto/perl5/perlbrew/perls/perl-5 +.32.1/bin:/home/marto/.local/bin:/usr/local/sbin:/usr/local/bin:/usr/ +sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/snap/bin:/home/ +marto/.local/bin:/home/marto/.local/bin:/snap/bin/openjdk/bin marto@Marto-Desktop:~$ ./path.pl /home/marto/perl5/perlbrew/bin:/home/marto/perl5/perlbrew/perls/perl-5 +.32.1/bin:/home/marto/.local/bin:/usr/local/sbin:/usr/local/bin:/usr/ +sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/snap/bin:/home/ +marto/.local/bin:/home/marto/.local/bin:/snap/bin/openjdk/bin marto@Marto-Desktop:~$ cat path.pl #!/usr/bin/perl print "$ENV{PATH}\n";
Re^3: Insecure CPAN module in taint mode
by afoken (Canon) on Jul 06, 2021 at 21:31 UTC
    In your code you don't show how you set $ENV{PATH} to a fixed value - I would start with that...

    That's because I don't!

    That means you haven't thoroughly read perlsec or Re: When not to use taint mode. (Yes, the latter contains a relevant update. It was added a few minutes after posting, three weeks ago.)

    Alexander

    --
    Today I will gladly share my knowledge and experience, for there are no sweeter words than "I told you so". ;-)