pkgsrc-Users archive


Re: perl 5.10 question

> {122} zcat /var/log/authlog.0.gz | /etc/sshdict.perl

Where does this script come from? It's not part of the NetBSD distribution
as far as I can tell.

The short version of tainting is "don't involve any untrusted data
with system calls". In this case, inheriting environment variables from
the shell instead of setting them yourself is verboten according to the
tainting mechanism. Doing something like
$ENV{PATH} = '/usr/bin:/bin:/usr/sbin:/sbin';
might be enough to make the tainting mechanism happy, although if
said data is used in potentially unsafe ways, it might not suffice.

It looks like Date::Manip::TZ tries invoking a bunch of random stuff
via backticks; I have no idea if that code is present in earlier
versions of perl and/or Date::Manip. 
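
Added example, not part of the original message or of the script under discussion: a small Perl program showing what taint mode does with an inherited environment, with the explicit PATH suggested above, and with tainted data that still reaches a backtick command. The file name taint_demo.pl, the sample log line and the user-name pattern are assumptions made for the illustration.

```perl
#!/usr/bin/perl -T
# Added example, not code from the thread. Run as: perl -T taint_demo.pl
use strict;
use warnings;
use Scalar::Util qw(tainted);

# Zero-length tainted string: appending it taints a constructed sample the
# same way reading the line from a log file or STDIN would.
my $TAINT = substr($^X, 0, 0);

# Run echo with one argument via backticks; return (output, error text).
sub run_echo {
    my ($arg) = @_;
    my $out = eval { `echo $arg` };
    chomp $out if defined $out;
    (my $err = $@) =~ s/ at \S+ line \d+\.\s*\z//;
    return ($out, $err);
}

sub report {
    my ($label, $out, $err) = @_;
    printf "%-22s %s\n", $label, $err ? "refused: $err" : "ran, output: $out";
}

# 1. Inherited environment: refused before anything is executed.
report('inherited %ENV:', run_echo('ok'));

# 2. The fix from the message, plus the other variables perl checks (perlsec).
$ENV{PATH} = '/usr/bin:/bin:/usr/sbin:/sbin';
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};
report('PATH set explicitly:', run_echo('ok'));

# 3. A clean environment does not help when the data itself is tainted.
# Constructed sample log line; split keeps taint, a regex capture would not.
my $line = 'Jan  1 00:00:00 host sshd[123]: Invalid user example from 192.0.2.10'
         . $TAINT;
my $user = (split ' ', $line)[7];
print "user field tainted?    ", (tainted($user) ? "yes" : "no"), "\n";
report('tainted argument:', run_echo($user));

# 4. Untaint only by matching a strict pattern and using the capture.
my ($clean) = $user =~ /\A([a-z_][a-z0-9_-]{0,31})\z/
    or die "unexpected user field\n";
report('validated argument:', run_echo($clean));
```

Steps 1 and 3 are expected to be refused ("Insecure $ENV{PATH}" and "Insecure dependency in ``" respectively), steps 2 and 4 to run. Because any regex capture untaints, a loose pattern such as (.*) would silence the check without validating anything.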
