Re: Perl Problems

To: debian-perl@lists.debian.org
Subject: Re: Perl Problems
From: Don Armstrong <don@debian.org>
Date: Tue, 15 Mar 2005 19:53:51 -0800
Message-id: <[🔎] 20050316035351.GA18304@archimedes.ucr.edu>
Mail-followup-to: debian-perl@lists.debian.org
In-reply-to: <[🔎] 20050316021345.650CA1012F@P450.internal.cowart.net>
References: <[🔎] 20050316021345.650CA1012F@P450.internal.cowart.net>

On Tue, 15 Mar 2005, Jefferson Cowart wrote:
> (PowerPC Box)# ./selfscan.cgi
> Insecure $ENV{PATH} while running with -T switch at ../../lib/POSIX.pm
> (autosplit into ../../lib/auto/POSIX/getcwd.al) line 667.

It would be nice to see the selfscan.cgi script as well, but even
without that, the problem is most likely because you're using
something that depends on $ENV{PATH} without first sanitizing
$ENV{PATH}.

Most likely only one of the scripts is running with -T, or
setuid|setgid. [Unless there really is a difference in getcwd.al
between ppc and x86... I haven't seen it myself, though.]

Don Armstrong

-- 
You could say she lived on the edge... Well, maybe not exactly on the edge,
just close enough to watch other people fall off.
  -- hugh macleod http://www.gapingvoid.com/batch8.htm

http://www.donarmstrong.com              http://rzlab.ucr.edu

Reply to:

Follow-Ups:
- RE: Perl Problems
  - From: "Jefferson Cowart" <jeff@cowart.net>

References:
- Perl Problems
  - From: "Jefferson Cowart" <jeff@cowart.net>

Prev by Date: Perl Problems
Next by Date: RE: Perl Problems
Previous by thread: Perl Problems
Next by thread: RE: Perl Problems
Index(es):
- Date
- Thread