Here's the simple solution.
#!/usr/bin perl -w
print "Script started\n";
eval {
exec("perl -wT $0") #Only works if taint mode off
};
print "Now we're in taint mode!\n";
Unfortunately, if your script is suid, this has a gaping security hole, as you've just executed an arbitrary program as root. (Was it
/usr/bin/perl as you were expecting, or was it
/home/l33t_hax0r/bin/perl? With an insecure $ENV{PATH}, you'll never know.)
Here's a version that fixes that particular hole
#!/usr/bin perl -w
print "Script started\n";
eval {
$ENV{PATH}, exec("/path/to/perl -wT $0") #Only works if ta
+int mode off
};
print "Now we're in taint mode!\n";
Eliminating the "useless use of a hash element in void context" message is left as an exercise for the reader. (Hint: look at the
is_tainted function example in
perlsec)
--
Ryan Koppenhaver, Aspiring Perl Hacker
"I ask for so little. Just fear me, love me, do as I say and I will be your slave."
