PANNEER SELVAN wrote:
> Hi,
>
> I am running a perl program with -T -W switches.. while
> executing system function , i am getting an error like
>
> Insecure $ENV{PATH} while running with -T switch at try.pl
>
> Any idea of solving this problem?
You need to explicilty set $ENV{PATH}, rather that letting it be inherited
from the parent process.
>From perldoc perlsec:
Cleaning Up Your Path
For "Insecure $ENV{PATH}" messages, you need to set $ENV{'PATH'} to a
known value, and each directory in the path must be non-writable by
others than its owner and group. You may be surprised to get this
message even if the pathname to your executable is fully qualified. This
is *not* generated because you didn't supply a full path to the program;
instead, it's generated because you never set your PATH environment
variable, or you didn't set it to something that was safe. Because Perl
can't guarantee that the executable in question isn't itself going to
turn around and execute some other program that is dependent on your
PATH, it makes sure you set the PATH.
The PATH isn't the only environment variable which can cause problems.
Because some shells may use the variables IFS, CDPATH, ENV, and
BASH_ENV, Perl checks that those are either empty or untainted when
starting subprocesses. You may wish to add something like this to your
setid and taint-checking scripts.
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)}; # Make %ENV safer
--
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
