I think it's worth mentionning that:
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)}; # Make %ENV safer
$ENV{PATH} = '/bin:/usr/bin:/usr/local/bin';
is not safe practice. With this code we still don't
know what's left in %ENV, possibly a malicious environment variable can remain that will affect an application in unforeseen ways. One should not remove information one thinks is unsafe, but rather explicitely set information known to be safe. This is exactly the same mistake as trying to remove unsafe characters from a string before passing it to a shell: the secure way is to do the opposite, remove any character which is not from a known safe set. In the %ENV example I suggest recreating the hash from scratch with known safe values.
-
Are you posting in the right place? Check out Where do I post X? to know for sure.
-
Posts may use any of the Perl Monks Approved HTML tags. Currently these include the following:
<code> <a> <b> <big>
<blockquote> <br /> <dd>
<dl> <dt> <em> <font>
<h1> <h2> <h3> <h4>
<h5> <h6> <hr /> <i>
<li> <nbsp> <ol> <p>
<small> <strike> <strong>
<sub> <sup> <table>
<td> <th> <tr> <tt>
<u> <ul>
-
Snippets of code should be wrapped in
<code> tags not
<pre> tags. In fact, <pre>
tags should generally be avoided. If they must
be used, extreme care should be
taken to ensure that their contents do not
have long lines (<70 chars), in order to prevent
horizontal scrolling (and possible janitor
intervention).
-
Want more info? How to link
or How to display code and escape characters
are good places to start.
|