On Sun, 29 Nov 2009 20:12:08 +0000, Huub van Niekerk wrote:\
> On Sun, 29 Nov 2009 14:30:47 -0500, Shawn H Corey wrote:
>
>> Huub van Niekerk wrote:
>>> Hi,
>>>
>>> I started getting this error after upgrading from Fedora 11 to 12. The
>>> line of code hasn't been changed:
>>>
>>> open my $LPR, '|-', qw/lpr -PDeskJet940C/ or die "can't fork lpr: $!";
>>>
>>> The error is: "Insecure $ENV{PATH} while running with -T switch at"
>>> pointing at the line above. From articles on the net I understand it
>>> has something to do with '|-', though I'm not sure. What can/should I
>>> do about it?
>>
>> Before your `open my $LPR ...` statement, please print out the contents
>> of $ENV{PATH} and post it.
>
> I removed the $ENV lpr attempts, so now I just have the $ENV{'PATH'} =
> "";
>
> path =
>
>
>> Q: Is this a script you run, one run by cron(8), or a CGI?
>
> It is a script I run from Eclipse to print from a MySQL database; not
> used on a daily basis. And I know I'm not a good programmer, and
> probably never will be. Just a hobby for now.
Read this:
http://kb.iu.edu/data/acar.html
to understand what a path is. You will have to set $ENV{PATH} explicitly
in any program that has the -t option even if all commands you call have
absolute paths, the taint mode knows that the path will be inherited by
those programs and is protecting them too.
--
Peter Scott
http://www.perlmedic.com/
http://www.perldebugged.com/
http://www.informit.com/store/product.aspx?isbn=0137001274
--
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
http://learn.perl.org/
