Diffstat (limited to 'pod/perlsec.pod')
-rw-r--r-- | pod/perlsec.pod | 8 |
1 files changed, 7 insertions, 1 deletions
diff --git a/pod/perlsec.pod b/pod/perlsec.pod index e21f97f21f..29a9167cf4 100644 --- a/pod/perlsec.pod +++ b/pod/perlsec.pod @@ -58,7 +58,10 @@ For example: $path = $ENV{'PATH'}; # $path now tainted $ENV{'PATH'} = '/bin:/usr/bin'; - $ENV{'IFS'} = '' if $ENV{'IFS'} ne ''; + delete $ENV{'IFS'}; + delete $ENV{'CDPATH'}; + delete $ENV{'ENV'}; + $ENV{'TERM'} = 'dumb'; $path = $ENV{'PATH'}; # $path now NOT tainted system "echo $data"; # Is secure now! @@ -79,6 +82,9 @@ For example: exec "echo", $arg; # Secure (doesn't use the shell) exec "sh", '-c', $arg; # Considered secure, alas! + @files = <*.c>; # Always insecure (uses csh) + @files = glob('*.c'); # Always insecure (uses csh) + If you try to do something insecure, you will get a fatal error saying something like "Insecure dependency" or "Insecure PATH". Note that you can still write an insecure B<system> or B<exec>, but only by explicitly |
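Review bot: In the first hunk (the `@@ -58,7 +58,10 @@` region) the example now deletes `IFS`, `CDPATH` and `ENV` and sets `TERM` to `'dumb'`, but the surrounding text still only says "For example:" and never explains why these particular variables are cleared or why `delete` replaced the old `$ENV{'IFS'} = '' if $ENV{'IFS'} ne '';` line. Suggest adding a sentence before the example stating that these variables influence how a shell interprets the command and so must be removed (not merely emptied) before `PATH` can be considered untainted, so the reader knows the list is deliberate rather than arbitrary.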
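Review bot: In the second hunk (the `@@ -79,6 +82,9 @@` region) the two added lines `@files = <*.c>;` and `@files = glob('*.c');` both carry the comment "Always insecure (uses csh)" but no prose backs that up; a reader who has just been told that `exec "echo", $arg;` is secure will not know why a glob is not. Suggest following the list with one sentence explaining that glob operators hand the pattern to an external shell, so they are treated as insecure under taint checks regardless of whether the pattern itself is tainted. Also, the extra blank `+` line before "If you try to do something insecure" leaves two blank lines in the pod; one is enough.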