Path: utzoo!attcan!uunet!tut.cis.ohio-state.edu!rutgers!mcnc!uvaarpa!mmdf
From: telxon!teleng!gorpong@uunet.uu.net (Gordon C. Galligher)
Newsgroups: comp.lang.perl
Subject: Re: Disabling "Taintedness" of variables
Message-ID: <1990Jul5.153704.14856@uvaarpa.Virginia.EDU>
Date: 5 Jul 90 15:37:04 GMT
Sender: mmdf@uvaarpa.Virginia.EDU (Uvaarpa Mail System)
Reply-To: telxon!teleng!gorpong@uunet.uu.net
Organization: The Internet
Lines: 36

<> 
[...basically bitching about taintedness of variables, and how I really do
 know what I'm doing :-]

<> That doesn't work because the very end when I want to chdir to their home
<> directory (found in the other password file) perl reports:
<> 
<> Insecure dependency in chdir at line ....
<> 

Fixed the problem.  I was doing the following:

	if ( open(PWD, "$LOCALPASS") )
	{
	    while (! eof(PWD) )
	    {
		$line = <PWD>; chop $line;
		@pwd  = split(/:/, $line);
		.....

Since $line was tainted, the split() didn't untaint it.  I changed it to:

	if ( open(PWD, "$LOCALPASS") )
	{
	    while (! eof(PWD) )
	    {
		$line =  <PWD>; chop $line;
		$line =~ /^(.+):(.*):(.+):(.+):(.*):(.+):(.*)$/;
		($user, $pass, ... ) = ($1, $2, ...);

This caused $user, $pass, etc., to be untainted.  Very wierd, but it was
documented in the manual page (in the dregs of the manual page :-)  It
took quite a few readings of it before I understood that this was my way
out.  Oh well.  Thanks anyway!

		-- Gordon.