* Dave Rolsky <[EMAIL PROTECTED]> [2007-04-15 16:35]:
> On Sun, 15 Apr 2007, Ovid wrote:
> >Just doing "system('svn', 'info', $uri)" can get you an
> >"Insecure $ENV{PATH}" (or something like that) when running in
> >taint mode.
>
> I was going to use File::Which.
What’s the point? File::Which examines the PATH to locate
executables, so whether you do
my $svn = which( 'svn' );
system( $svn, 'status' );
or
system( 'svn', 'status' );
makes no effective difference. I’d attack this directly by
cleaning up $ENV{PATH}:
use Config;
use File::Spec::Functions;
use File::stat;
use Fcntl qw( :mode );
$ENV{PATH} = do {
my $sep = $Config{path_sep};
join $sep, (
map { /(.*)/ }
grep { ! stat($_)->mode & S_IWOTH }
grep { file_name_is_absolute( $_ ) }
split( /\Q$sep/, $ENV{PATH}, -1 ),
);
};
This splits the PATH on its platform-specific separators, weeds
out relative entries, weeds out world-writable directories, and
finally rubberstamps them all as sane, before joining them all
back on the platform’s PATH separator.
Maybe this deserves to go in some module. It took an arguably
unreasonable amount of time to gather and arrange all the cogs,
as the train of modules I ended up pulling in illustrates – and
that’s not even the full list of modules whose docs and source(!)
I referred to.
Regards,
--
Aristotle Pagaltzis // <http://plasmasturm.org/>
