Which reminds me... I've been using the #!/usr/bin/env
perl shebang for easier distribution, but env doesn't
like switches. Is there a way to set taint mode via
`use` or the like (à la use warnings; for -w)? I can't
seem to locate anything in the manuals other than the
-T flag.

Correct me if I'm wrong, but the primary reason for using

    #!/usr/bin/env perl

is to avoid hardcoding the path to perl. The #! requires an absolute
path, and so if you use #!/usr/bin/perl, you won't work if the
customer is using /usr/local/bin/perl.

On the other hand, Taint mode's purpose is to ensure that your
program cannot do anything nefarious due to user input.

In this case, the user's PATH environment variable would control
which perl you executed, thus rendering all actions suspect.
Generally the first thing a Taint mode program would do is clear the
PATH environment variable to '/bin:/sbin' or the like.

Thus any attempt to use both "/usr/bin/env perl" and taint mode is
fraught with danger.

Regardless, the only place you can use the -T switch is on the
command line unless the script is executed directly, in which case the
#! line must be an absolute path to perl.

I have some vague memories of some sort of hack to do something along
the lines of:

    #!/bin/sh
    perl -T $0 (or whatever the variable is for this script path).

with some magic to hide the perl command from the perl interpreter.
But my memory is insufficient to the task and this would still leave
you susceptible to the user's PATH which you may want to support but
which is quite dangerous to combine with Taint mode.

Enjoy,
Peter.
--
I was away from Feb 12 - Feb 19, sorry for any email delays.
<http://www.stairways.com/> <http://download.stairways.com/>
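
Added example, not part of the messages above and not the hack Peter half-remembers: a script that keeps the `#!/usr/bin/env perl` line and re-executes itself with -T when `${^TAINT}` shows taint mode is off, then fixes PATH as the reply describes. The interpreter has already been chosen through the caller's PATH by that point, so this turns taint checks on without removing that trust. The file-name pattern, the default `example.txt` and the `/bin/ls` call are assumptions made for illustration.

```perl
#!/usr/bin/env perl
# Added example, not code from the thread.
use strict;
use warnings;

BEGIN {
    # ${^TAINT} is 0 when perl was started without -T or -t.
    unless (${^TAINT}) {
        # Re-run this script under the same interpreter binary ($^X) with -T.
        # The list form with an indirect object never goes through a shell.
        exec { $^X } $^X, '-T', $0, @ARGV
            or die "cannot re-exec $^X -T $0: $!\n";
    }
}

# From here on taint checks are active. Fix the environment first: a known
# PATH, and none of the variables that shells act on.
$ENV{PATH} = '/bin:/usr/bin';
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};

# Command-line arguments are tainted. The standard way to untaint a value is
# to extract a validated substring with a regex capture.
# Assumption for this example: a plain file name in the current directory.
sub untaint_name {
    my ($arg) = @_;
    return $arg =~ /\A([A-Za-z0-9_][A-Za-z0-9_.-]{0,63})\z/ ? $1 : undef;
}

my $raw  = @ARGV ? $ARGV[0] : 'example.txt';    # constructed default
my $name = untaint_name($raw);
defined $name or die "refusing argument: not a plain file name\n";

# List-form system with an absolute path: no shell, no PATH lookup.
# A tainted $raw passed here instead of $name would make perl die with
# "Insecure dependency in system while running with -T switch".
system('/bin/ls', '-l', '--', $name) == 0
    or warn "ls exited with status ", $? >> 8, "\n";
```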