[Israel.pm] Early morning security issues

Yuval Yaari yuval at windax.com
Sat May 29 09:16:48 PDT 2004


Why not use a config file?
Or some installer script...

Wasn't there an article on Slashdot on this bioinformatics guy that
shows you how he makes his programs very easy to "install anywhere"?

I'll look for it when I finish installing kernel modules for my ATI 9600
on SuSE 9.1.

  --Yuval

P.S: Evolution is amazing, I can't believe I used Mozilla Mail until
now!


On Sat, 2004-05-29 at 12:24, Gabor Szabo wrote:
> In a CGI environment a lot of times I use relative directories
> to hold my data:
> 
> ..../cgi/script.pl
> ..../data/data.txt
> 
>     to make it easy to install anywhere I
> 
> use FindBin qw($Bin);
> 
>     to locate my cgi script and from there I use
> 
> open my $fh, ">", "$Bin/../data/data.txt" or complain();
> 
>     to open the file.
> 
>     The only problem is that $Bin is tainted and the above script
>     does not pass taint checking. So I have to add:
> 
> # we blindly trust FindBin and want to silence Taint checking
> BEGIN {
>     if ($Bin =~ /(.*)/) {
>         $Bin = $1;
>     }
> }
> 
> 
> 
> 
> Any other, maybe even preferable method that our trusted network of Perl
> enthusiasts would volunteer out on the list?
> 
> 
> Gabor
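
A stricter alternative to the blind `/(.*)/` untaint in the quoted message, as an added example that is not part of the original thread: `$Bin` is untainted only if it looks like a plain absolute directory. The helper name `untaint_dir`, the allowed character set and the sample paths are assumptions made for illustration; a site whose install paths contain other characters would widen the pattern deliberately.

```perl
#!/usr/bin/perl -T
use strict;
use warnings;
use FindBin qw($Bin);
use File::Spec;

# Hypothetical helper: return an untainted copy of $dir only if it is an
# absolute path built from conservative characters and has no "." or ".."
# component. Returns undef otherwise, so the caller can refuse to go on.
sub untaint_dir {
    my ($dir) = @_;
    return undef unless defined $dir;

    # Every component starts with a mandatory "/", so the pattern cannot
    # backtrack ambiguously. The capture ($1) is what clears the taint flag.
    return undef unless $dir =~ m{\A((?:/[A-Za-z0-9_.\-]+)+)\z};
    my $clean = $1;

    # "." and ".." pass the character class, so reject them explicitly.
    return undef if grep { $_ eq '.' || $_ eq '..' } split m{/}, $clean;
    return $clean;
}

# Constructed sample values, to show what the check accepts and rejects.
for my $sample ('/var/www/site/cgi', '/var/www/../etc',
                '/srv/app/cgi;x', 'relative/cgi') {
    my $ok = untaint_dir($sample);
    printf "%-20s %s\n", $sample, defined $ok ? 'accepted' : 'rejected';
}

# The real use: validate FindBin's answer instead of trusting it blindly.
my $bin = untaint_dir($Bin);
die "Refusing to use unexpected script directory\n" unless defined $bin;

# Same layout as in the quoted message: .../cgi/script.pl, .../data/data.txt
my $data_file = File::Spec->catfile($bin, File::Spec->updir, 'data', 'data.txt');
print "data file: $data_file\n";
```

Because the shebang line carries `-T`, running the file by hand needs `perl -T script.pl`; under a CGI server the shebang alone enables taint mode.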




