# from Smylers
# on Sunday 21 January 2007 11:50 pm:
>Eric Wilhelm writes:
>> If that isn't enough, I suppose you could do "if the env var is an
>> executable, run it and capture the output"?
>
>Nice -- so that if you manage to trick somebody into setting that
>environment variable you can get them to run any code you want the
> next time they install a Cpan module that doesn't explicitly set this
> variable?
Sure. That, and $EDITOR. I don't think defining an environment
variable to point to an executable is a huge issue. If one is running
as root and can't control one's environment, one should shutdown the
computer and replace the disk (yes, that goes for windows too ;-)
--Eric
--
We who cut mere stones must always be envisioning cathedrals.
--Quarry worker's creed
---------------------------------------------------
http://scratchcomputing.com
---------------------------------------------------
