[ale] OT: Perl and taint checking
Fletch
fletch at phydeaux.org
Thu Feb 6 11:22:54 EST 2003
>>>>> "Robert" == Robert L Harris <Robert.L.Harris at rdlg.net> writes:
[...]
Robert> The problem is that the second open (MMINFO_Run) is
Robert> complaining about insecure dependencies in an open pipe.

First, the standard rant:

ALWAYS CHECK THE RETURN VALUE FROM open();

Aherm. That out of the way, you never really untaint $SSID. You run
it through s/// and modify it, but you don't extract part of it by
using capturing parens. Re-read perldoc perlsec and things will
eventually clear up.

And two unrelated style nits:

*) you don't really need to shell out to find;
   see perldoc File::Find

*) I'd have used $SSID = (split(/\//, $Files))[3];
   well, actually I'd probably have used File::Basename, but
   that's neither here nor there

--
Fletch | "If you find my answers frightening, __`'/|
fletch at phydeaux.org | Vincent, you should cease askin' \ o.O'
770 294-0820 (m) | scary questions." -- Jules =(___)=
| U
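
The untainting point made in the reply above, as an added Perl example that is not part of the original thread: modifying a tainted value with s/// leaves it tainted, while taking a capture group from an allow-list match yields a clean value that a checked pipe open will accept. $SSID and $Files follow the names in the message; the sample path, the pattern and /bin/echo as the piped command are assumptions. Run it as `perl -T untaint.pl`.

```perl
#!/usr/bin/perl -T
use strict;
use warnings;
use Scalar::Util qw(tainted);

# Taint mode refuses to start a child process with an inherited
# environment, even when the command is given by absolute path.
$ENV{PATH} = '/bin:/usr/bin';
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};

# Constructed sample path. Appending a zero-length slice of $^X (which is
# tainted under -T) marks it tainted, as if it had been read from a pipe.
my $Files = '/backup/index/ssid-4021' . substr($^X, 0, 0);

# Modifying a tainted value with s/// leaves the result tainted.
(my $modified = $Files) =~ s{^.*/}{};
print "after s///:    ", (tainted($modified) ? "tainted" : "clean"), "\n";

# Untainting: match against an allow-list pattern and keep only the capture.
# The character class is an assumption about what a valid id looks like.
my $SSID;
if ($Files =~ m{/([A-Za-z0-9_-]+)\z}) {
    $SSID = $1;
} else {
    die "unexpected path format, refusing to continue\n";
}
print "after capture: ", (tainted($SSID) ? "tainted" : "clean"), "\n";

# List-form pipe open: no shell is involved, and the return value is checked.
# /bin/echo is a stand-in for the real command.
open(my $run, '-|', '/bin/echo', 'ssid', $SSID)
    or die "cannot start /bin/echo: $!";
while (my $line = <$run>) {
    print "child said: $line";
}
close($run) or die "child failed: status=$? errno=$!";
```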