I think the warning is telling you that something in the shell environment has an insecure permission setting -- e.g. the PATH variable includes a directory that can be written to by anyone (or by some arbitrary group). To see the risk involved, suppose your shell's PATH were set up like this:
PATH=/home/someone/bin:/bin:/usr/bin:/usr/local/bin
and that "/home/someone/bin/" had global write access. Someone could put an executable file there and call it something like "ls" or "find" or "wc"; if you were to run a script in this environment, and the script issues a system call to run a program in /bin or /usr/bin (update: but you didn't specify an absolute path for the program), you would end up running whatever happens to be in /home/someone/bin/ instead.
If your script always uses absolute paths for commands that it tries to execute via system calls, or if it explicitly controls the PATH setting (and if variables you include in the command string have been taint-checked), the warning should go away.
-
Are you posting in the right place? Check out Where do I post X? to know for sure.
-
Posts may use any of the Perl Monks Approved HTML tags. Currently these include the following:
<code> <a> <b> <big>
<blockquote> <br /> <dd>
<dl> <dt> <em> <font>
<h1> <h2> <h3> <h4>
<h5> <h6> <hr /> <i>
<li> <nbsp> <ol> <p>
<small> <strike> <strong>
<sub> <sup> <table>
<td> <th> <tr> <tt>
<u> <ul>
-
Snippets of code should be wrapped in
<code> tags not
<pre> tags. In fact, <pre>
tags should generally be avoided. If they must
be used, extreme care should be
taken to ensure that their contents do not
have long lines (<70 chars), in order to prevent
horizontal scrolling (and possible janitor
intervention).
-
Want more info? How to link
or How to display code and escape characters
are good places to start.
|