[Israel.pm] Early moring security issues

Gabor Szabo gabor at perl.org.il
Sat May 29 02:24:46 PDT 2004


In a CGI environment a lot of times I use relative directories
to hold my data:

..../cgi/script.pl
..../data/data.txt

    to make it easy to install anywhere I

use FindBin qw($Bin);

    to locate my cgi script and from there I use

open my $fh, ">", "$Bin/../data/data.txt" or complain();

    to open the file.

    The only problem is that $Bin is tainted and the above script
    does not pass taint checking. So I have to add:

# we blindly trust FindBin and want to silence Taint checking
BEGIN {
    if ($Bin =~ /(.*)/) {
        $Bin = $1;
    }
}




Any other, maybe even preferable method that our trusted network of Perl
enthusiastic would volunteer out on the list ?


Gabor




More information about the Perl mailing list