Setup: Perl 5.8, WinXP
I have created the code below to test Taint mode. The testapp.exe
program is actually the standard windows "attrib.exe" but renamed and
placed in my CWD. The program as it is below works as expected, however if swap
the comments on the two $ENV{'PATH'} lines it no longer works and reports an
insecure $ENV{PATH}.
I can't understand why I need to have the windows system32 folder
included in my $ENV{PATH} for the prog to run.
If in a DOS window I reset my OS environment var PATH to simply '.'
(the CWD) the testapp.exe will run as normal in the DOS window, so why
is resetting my $ENV{PATH} to the CWD different?
Thanks
----
#!c:/perl/bin/perl.exe -wT
use strict;
use diagnostics;
use CGI;
use CGI::Carp qw(fatalsToBrowser);
use Cwd;
my $dir = getcwd();
my $q = new CGI;
print $q->header,
$q->start_html(-title => "External program"),
$q->h2("External command test");
#$ENV{'PATH'} = $dir;
$ENV{'PATH'} = ("C:\\WINDOWS\\system32");
delete @ENV{'IFS', 'CDPATH', 'ENV', 'BASH_ENV'};
my @prog1 = ("testapp.exe", "+R", "dummy.txt", "/S");
my $exit_status1 = system(@prog1);
print $q->p("My CWD is $dir"),
$q->p("My 'PATH' is $ENV{'PATH'}"),
$q->p("Exit status1: $exit_status1"),
$q->end_html;
--
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
<http://learn.perl.org/> <http://learn.perl.org/first-response>
