Re: Opening a pipe when taint mode is enabled

2009-01-11 Thread Gunnar Hjalmarsson
Adam Jimerson wrote: On Jan 11, 8:21 am, nore...@gunnar.cc (Gunnar Hjalmarsson) wrote: Adam Jimerson wrote: It seams I over looked the space, is it possible to include spaces in the search string? Of course it is. What you call search string is a regular expression. Obviously you have some r

Re: Opening a pipe when taint mode is enabled

2009-01-11 Thread Adam Jimerson
On Jan 11, 8:21 am, nore...@gunnar.cc (Gunnar Hjalmarsson) wrote: > Adam Jimerson wrote: > > Gunnar Hjalmarsson wrote: > >> You don't say what to do if the untainting fails. This code: > > >> if ($name =~ /^([...@\w.]+)$/) { > >> $name = $1; > >> }; > > >> should better be: > > >> if ($name =~ /^([

Re: Opening a pipe when taint mode is enabled

2009-01-11 Thread Gunnar Hjalmarsson
Adam Jimerson wrote: Gunnar Hjalmarsson wrote: You don't say what to do if the untainting fails. This code: if ($name =~ /^([...@\w.]+)$/) { $name = $1; }; should better be: if ($name =~ /^([...@\w.]+)$/) { $name = $1; } else { die "Untainting of the name failed"; } Please consider, for inst

Re: Opening a pipe when taint mode is enabled

2009-01-11 Thread Adam Jimerson
Gunnar Hjalmarsson wrote: > Adam Jimerson wrote: >> I attached my code for my program, > > You don't say what to do if the untainting fails. This code: > > if ($name =~ /^([...@\w.]+)$/) { > $name = $1; > }; > > should better be: > > if ($name =~ /^([...@\w.]+)$/) { > $name = $1; > } else { >