path: root/pod/perlsec.pod
author: Perl 5 Porters <perl5-porters@africa.nicoh.com> 1997-05-08 00:00:00 +1200
committer: Chip Salzenberg <chip@atlantic.net> 1997-05-08 00:00:00 +1200
commit: 7bac28a0157dcaf170649e8928f053f76dda4253
tree: 88eadd917e84141a07d7cf3db90686edb67fe5a6 /pod/perlsec.pod
parent: eb447b8692d1c89cd24ab421497dcff667570be4
[inseparable changes from match from perl-5.003_99 to perl-5.003_99a]
BUILD PROCESS

  Subject: AFS patches
  From: Chip Salzenberg <chip@perl.com>
  Files: Configure installperl

CORE LANGUAGE CHANGES

  Subject: SECURITY: Forbid glob() when tainting (-T or setuid)
  From: Chip Salzenberg <chip@perl.com>
  Files: pod/perlrun.pod pod/perlsec.pod pp_sys.c

  Subject: SECURITY: Forbid exec() if $ENV{TERM} or $ENV{ENV} is tainted
  From: Chip Salzenberg <chip@perl.com>
  Files: pod/perlrun.pod pod/perlsec.pod t/op/taint.t taint.c

CORE PORTABILITY

  Subject: (NeXT|Open)Step update
  Date: Wed, 7 May 97 17:47:02 -0500
  From: Gerd Knops <gerti@BITart.com>
  Files: Configure MANIFEST config_h.SH hints/next_3.sh hints/next_4.sh
  private-msgid: 9705072247.AA18882@BITart.com

  Subject: Win32 update (consolidated patch plus three followups)
  From: Gurusamy Sarathy <gsar@engin.umich.edu>
  Files: EXTERN.h README.win32 lib/Sys/Hostname.pm pod/perldelta.pod win32/config.H win32/config.w32 win32/config_sh.PL win32/perllib.c win32/win32.c win32/win32.h win32/include/sys/socket.h

DOCUMENTATION

  Subject: Updates to perldelta
  From: Chip Salzenberg <chip@perl.com>
  Files: pod/perldelta.pod

  Subject: Document 'Possible attempt to separate words with commas'
  Date: 06 May 1997 23:27:55 +0200
  From: Gisle Aas <gisle@aas.no>
  Files: pod/perlop.pod
  Msg-ID: hyb9snvdw.fsf@bergen.sn.no
  (applied based on p5p patch as commit 18270fd3b8aafde2f9ea21ea13adde95ef24b149)

  Subject: Document that C<m?x?> is just like C<?x?>
  From: Chip Salzenberg <chip@perl.com>
  Files: pod/perlop.pod

OTHER CORE CHANGES

  Subject: Fix for redefined sort subs nastiness
  Date: Thu, 08 May 1997 20:04:18 -0400
  From: Gurusamy Sarathy <gsar@engin.umich.edu>
  Files: op.c pod/perldelta.pod pod/perldiag.pod sv.c t/op/sort.t
  Msg-ID: 199705090004.UAA15032@aatma.engin.umich.edu
  (applied based on p5p patch as commit e9e069932a0db06904b29e2b09a435afd40ed35c)
Diffstat (limited to 'pod/perlsec.pod')
-rw-r--r--  pod/perlsec.pod  8
1 files changed, 7 insertions, 1 deletions
diff --git a/pod/perlsec.pod b/pod/perlsec.pod
index e21f97f21f..29a9167cf4 100644
--- a/pod/perlsec.pod
+++ b/pod/perlsec.pod
@@ -58,7 +58,10 @@ For example:
$path = $ENV{'PATH'}; # $path now tainted
$ENV{'PATH'} = '/bin:/usr/bin';
- $ENV{'IFS'} = '' if $ENV{'IFS'} ne '';
+ delete $ENV{'IFS'};
+ delete $ENV{'CDPATH'};
+ delete $ENV{'ENV'};
+ $ENV{'TERM'} = 'dumb';
$path = $ENV{'PATH'}; # $path now NOT tainted
system "echo $data"; # Is secure now!
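Review bot: The four new environment lines carry no explanation, while the commit message says exec() is now forbidden when $ENV{TERM} or $ENV{ENV} is tainted; a reader of this example cannot tell why IFS, CDPATH, ENV and TERM are singled out or why TERM is assigned 'dumb' while the other three are deleted. Suggest a short trailing comment on each line (for example `delete $ENV{'ENV'};   # sourced by sh at startup` and `$ENV{'TERM'} = 'dumb';   # tainted TERM now blocks exec`), and a sentence in the surrounding prose noting that deleting a variable is the right move when the goal is to remove a tainted value rather than to blank it, which is what the old `$ENV{'IFS'} = ''` line did.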
@@ -79,6 +82,9 @@ For example:
exec "echo", $arg; # Secure (doesn't use the shell)
exec "sh", '-c', $arg; # Considered secure, alas!
+ @files = <*.c>; # Always insecure (uses csh)
+ @files = glob('*.c'); # Always insecure (uses csh)
+
If you try to do something insecure, you will get a fatal error saying
something like "Insecure dependency" or "Insecure PATH". Note that you
can still write an insecure B<system> or B<exec>, but only by explicitly
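Review bot: The two added glob lines say "Always insecure (uses csh)" but do not say what actually happens under -T, and the paragraph that follows only promises a fatal error "if you try to do something insecure"; since the commit message states that glob() is now forbidden outright when tainting is on (-T or setuid), the comment should say so explicitly, e.g. `# Always insecure (uses csh); fatal under -T`. It would also help to tell the reader what to use instead of a shell glob, such as opendir/readdir with a pattern match, since the list otherwise only says what is forbidden.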