[Israel.pm] Early morning security issues
Gabor Szabo
gabor at perl.org.il
Sat May 29 02:24:46 PDT 2004
In a CGI environment a lot of times I use relative directories
to hold my data:

    ..../cgi/script.pl
    ..../data/data.txt

To make it easy to install anywhere I

    use FindBin qw($Bin);

to locate my cgi script and from there I use

    open my $fh, ">", "$Bin/../data/data.txt" or complain();

to open the file.
The only problem is that $Bin is tainted and the above script
does not pass taint checking. So I have to add:

    # we blindly trust FindBin and want to silence Taint checking
    BEGIN {
        if ($Bin =~ /(.*)/) {
            $Bin = $1;
        }
    }

Any other, maybe even preferable method that our trusted network of Perl
enthusiasts would volunteer out on the list?
Gabor
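
An added example, not part of the original post: one way to untaint $Bin with a pattern that rejects unexpected values instead of accepting everything via /(.*)/. The helper name untaint_dir, the allowed character set and the POSIX-style path assumption are illustrative choices.

```perl
#!/usr/bin/perl -T
use strict;
use warnings;
use FindBin qw($Bin);

# Return an untainted copy of $path, or die if it is not a plain
# absolute POSIX directory path. (Hypothetical helper, assumed for
# this example; adjust the character class to your install paths.)
sub untaint_dir {
    my ($path) = @_;

    # One or more "/segment" parts, each built from a conservative
    # character set. \A and \z anchor the whole string, so a trailing
    # newline or embedded NUL cannot slip through.
    $path =~ m{\A((?:/[A-Za-z0-9_.+-]+)+)\z}
        or die "refusing unexpected script directory\n";
    my $clean = $1;    # a regex capture is untainted

    # The character class allows dots, so reject "." and ".." segments
    # explicitly.
    for my $segment (split m{/}, $clean) {
        die "refusing relative segment in script directory\n"
            if $segment eq '.' || $segment eq '..';
    }
    return $clean;
}

my $dir = untaint_dir($Bin);

# Same relative layout as in the post: ..../cgi/script.pl writes to
# ..../data/data.txt
open my $fh, ">", "$dir/../data/data.txt"
    or die "cannot open data file: $!\n";
print {$fh} "example line\n";
close $fh or die "cannot close data file: $!\n";
```

If the script is installed under a path with characters outside the class (spaces, for instance), it dies at startup rather than running with an unchecked directory.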