Path: utzoo!attcan!uunet!ogicse!orstcs!sapphire!pvo
From: pvo@sapphire.OCE.ORST.EDU (Paul O'Neill)
Newsgroups: comp.lang.perl
Subject: Re: suid perl
Keywords: suidperl scripts
Message-ID: <21304@orstcs.CS.ORST.EDU>
Date: 26 Oct 90 02:45:04 GMT
References: <1990Oct23.173005.470@cvedc.uucp> <10082@jpl-devvax.JPL.NASA.GOV>
Sender: usenet@orstcs.CS.ORST.EDU
Reply-To: pvo@sapphire.OCE.ORST.EDU (Paul O'Neill)
Organization: Coastal Imaging Lab, Oregon State University, Corvallis, OR
Lines: 18

In article <10082@jpl-devvax.JPL.NASA.GOV> lwall@jpl-devvax.JPL.NASA.GOV (Larry Wall) writes:
>
>Just set $ENV{'PATH'} explicitly, so that you aren't relying on the PATH
>the user supplied, which might let them run programs you didn't anticipate.
>

Here's the standard stuff I use to shut up taintperl:

$ENV{'PATH'} = '/bin:/usr/bin:/usr/ucb/bin:/usr/etc';   #security stuff
$path = $ENV{'PATH'};                                   #security stuff
$ENV{'SHELL'} = '/bin/sh' if $ENV{'SHELL'} ne '';       #security stuff
$ENV{'IFS'} = '' if $ENV{'IFS'} ne '';                  #security stuff


Paul O'Neill                 pvo@oce.orst.edu         DoD 000006
Coastal Imaging Lab
OSU--Oceanography
Corvallis, OR  97331         503-737-3251
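Added example (not part of the original post): the same environment scrubbing written for a current perl run with -T, followed by the regex-capture step that untaints a user-supplied file name before it reaches system(). The PATH value, /bin/echo, the helper names and the sample inputs are assumptions made for illustration.

```perl
#!/usr/bin/perl -T
# Added example, not from the original post. Run as: perl -T scrub_env.pl
use strict;
use warnings;
use Scalar::Util qw(tainted);
$| = 1;    # keep our output in order with the child's

# Replace inherited values with known ones before running anything.
# PATH here is an assumed modern directory list, not the post's 1990 one.
sub scrub_env {
    $ENV{PATH} = '/bin:/usr/bin';
    delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};    # shell-behaviour variables
    $ENV{SHELL} = '/bin/sh' if exists $ENV{SHELL};
    return;
}

# A regex capture is what clears taint, so the pattern is the allow-list:
# plain file names only, no '/', spaces or shell metacharacters.
sub untaint_name {
    my ($name) = @_;
    return $name =~ /\A([A-Za-z0-9_.-]{1,64})\z/ ? $1 : undef;
}

# Run a command in list form (no shell); report a taint failure as text.
sub try_echo {
    my (@args) = @_;
    my $rc = eval { system('/bin/echo', @args) };
    return "ran (status $rc)" if defined $rc;
    chomp(my $err = $@);
    return "blocked: $err";
}

print "before scrub: ", try_echo('hello'), "\n";
scrub_env();
print "after scrub:  ", try_echo('hello'), "\n";

# Constructed inputs, tainted by appending a zero-length piece of $^X
# (tainted under -T) to stand in for user-supplied data.
my $taint = substr($^X, 0, 0);
for my $raw ("report.txt$taint", "a.txt; echo injected$taint") {
    my $clean = untaint_name($raw);
    printf "%-28s tainted=%d -> %s\n", "'$raw'", tainted($raw) ? 1 : 0,
        defined $clean ? try_echo($clean) : 'rejected by allow-list';
}
```

When the inherited environment carries a PATH, the first call is refused with an "Insecure $ENV{PATH}" error and the second succeeds, which is the complaint the post's four lines are there to silence.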