http://qs321.pair.com?node_id=11134738


in reply to Re^3: Insecure CPAN module in taint mode
in thread Insecure CPAN module in taint mode

and shows that you didn't read the whole of perlsec, nor even the few paragraphs in the section called Cleaning Up Your Path

I did!
I put the delete in. Once the error had gone I commented that line out to see if it was necessary and the error did not return. Hence why I didn't include it in the code snippet.

I think that Corion's advice...

Good advice it may be. But on this shared hosting (you remembered correctly) it didn't work - Re^2: Insecure CPAN module in taint mode

Replies are listed 'Best First'.
Re^5: Insecure CPAN module in taint mode
by pryrt (Monsignor) on Jul 06, 2021 at 22:29 UTC
    I put the delete in. Once the error had gone I commented that line out to see if it was necessary and the error did not return.

    Sorry, since your example didn't include the delete, I interpreted that to mean that you hadn't used it. (I've only got what you show me to go on, so that's not an unreasonable interpretation.)

    My first experiment didn't have the delete but did change the PATH, and it wasn't sufficient to remove the taint message; my second experiment added the delete and the taint message went away; in a later experiment, I accidentally forgot the delete, and the taint message came back. So I don't know how the taint message went away for you. I would personally be worried that it will come back unexpectedly; since it doesn't hurt to leave it in, that would be my recommendation.

      I would personally be worried that it will come back unexpectedly; since it doesn't hurt to leave it in, that would be my recommendation

      On that recommendation, it has been added back in...