PERL CGI Beginners - Insecure $ENV{PATH}

Author

Insecure $ENV{PATH}

Lecca Paola

2006-06-17, 7:56 am

Trying to write the processes input of an hatml form via a cgi script I
get this error message:

Software error:

Insecure $ENV{PATH} while running with -T switch at
/usr/local/apache2/cgi-bin/post.cgi line 357.

It concerns the following lines of my cgi script

....

$ENV{PATH} = "/usr/local/apache2/cgi-bin";

open(OUTF,">>execute.ml") or &dienice("Can't open execute.ml for writing:
$!");

....

What does this error mean and how can I solve it?

Thanks a lot in advance,
Paola.

Paul Archer

2006-06-17, 7:56 am

From 'perldoc -q taint'
Found in /usr/lib/perl5/5.8.8/pod/perlfaq7.pod
How can I tell if a variable is tainted?

You can use the tainted() function of the Scalar::Util module,
available from CPAN (or included with
Perl since release 5.8.0). See also "Laundering and Detecting
Tainted Data" in perlsec.

That points to perlsec, so try
'perldoc perlsec'

Paul

2:59pm, Lecca Paola wrote:

>
> Trying to write the processes input of an hatml form via a cgi script I get
> this error message:
>
> Software error:
>
> Insecure $ENV{PATH} while running with -T switch at
> /usr/local/apache2/cgi-bin/post.cgi line 357.
>
>
> It concerns the following lines of my cgi script
>
> ...
>
> $ENV{PATH} = "/usr/local/apache2/cgi-bin";
>
> open(OUTF,">>execute.ml") or &dienice("Can't open execute.ml for writing:
> $!");
>
> ...
>
> What does this error mean and how can I solve it?
>
> Thanks a lot in advance,
> Paola.
>
>
> --
> To unsubscribe, e-mail: beginners-cgi-unsubscribe@perl.org
> For additional commands, e-mail: beginners-cgi-help@perl.org
> <http://learn.perl.org/> <http://learn.perl.org/first-response>
>
>

-----------------------------------------------
"Working with babies had its problems...
but then I tried working with chickens."
Jim Henson, talking about making "Labyrinth"
-----------------------------------------------

Sponsored Links