Beefy Boxes and Bandwidth Generously Provided by pair Networks
P is for Practical

Re: Think beyond Taint and warnings

by echo (Pilgrim)
on Sep 14, 2001 at 19:13 UTC ( #112442=note: print w/replies, xml ) Need Help??

in reply to Think beyond Taint and warnings

I think it's worth mentionning that:

delete @ENV{qw(IFS CDPATH ENV BASH_ENV)}; # Make %ENV safer $ENV{PATH} = '/bin:/usr/bin:/usr/local/bin';
is not safe practice. With this code we still don't know what's left in %ENV, possibly a malicious environment variable can remain that will affect an application in unforeseen ways. One should not remove information one thinks is unsafe, but rather explicitely set information known to be safe. This is exactly the same mistake as trying to remove unsafe characters from a string before passing it to a shell: the secure way is to do the opposite, remove any character which is not from a known safe set. In the %ENV example I suggest recreating the hash from scratch with known safe values.

Log In?

What's my password?
Create A New User
Domain Nodelet?
Node Status?
node history
Node Type: note [id://112442]
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others having an uproarious good time at the Monastery: (4)
As of 2022-08-08 13:40 GMT
Find Nodes?
    Voting Booth?

    No recent polls found