Path: utzoo!attcan!uunet!samsung!usc!elroy.jpl.nasa.gov!jpl-devvax!lwall
From: lwall@jpl-devvax.JPL.NASA.GOV (Larry Wall)
Newsgroups: comp.lang.perl
Subject: Re: taintedness
Message-ID: <10260@jpl-devvax.JPL.NASA.GOV>
Date: 6 Nov 90 18:38:31 GMT
References: <55514@brunix.UUCP>
Reply-To: lwall@jpl-devvax.JPL.NASA.GOV (Larry Wall)
Organization: Jet Propulsion Laboratory, Pasadena, CA
Lines: 34

In article <55514@brunix.UUCP> jsb@cs.brown.edu (John Bazik) writes:
: In moving some scripts I wrote under pl18 to pl37, I ran across this:
:
:     Insecure PATH at /cs/lib/admin/perl/file.pl line 458.
:
: The offending statement is:
:
:     sub main'getwd {
: >>>     $_ = `/usr/bin/pwd`;
:         chop;
:         return $_;
:     }
:
: I think it's safe to trust pwd.  How do I tell perl to let this go??

Set a secure PATH...  1/3 :-)

Alternately, say

    open(PWD,"-|") || exec '/usr/bin/pwd', 'dummy';
    chop($_ = <PWD>);
    close PWD;

: If only getwd was built-in...

If I build it in, people will misuse it.  Better they call `pwd` so they
*know* it's inefficient.  I already have too much problem with people thinking
the efficiency of a perl construct is related to its length.

On the other hand, I'm perfectly capable of changing my mind next week...  :-)

Larry
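
Both suggestions from the reply above, written out for a current Perl 5 running with -T. This is an added example, not code from the thread: the helper names (scrub_env, getwd_backticks, getwd_forkopen), the PATH value and the candidate pwd locations are assumptions. It pins the environment once, then reads pwd's output through backticks and through a fork-open whose child uses list-form exec so no shell is involved.

```perl
#!/usr/bin/perl -T
# Added example for modern Perl 5; not code from the original thread.
use strict;
use warnings;

# Assumption: pwd lives at one of these fixed absolute paths.
my ($PWD_BIN) = grep { -x $_ } qw(/usr/bin/pwd /bin/pwd);
die "no pwd binary found\n" unless defined $PWD_BIN;

# Under -T everything in %ENV is tainted. Pin PATH to fixed, absolute
# directories and drop the variables a shell would otherwise honour.
sub scrub_env {
    $ENV{PATH} = '/usr/bin:/bin';
    delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};
    return;
}

# "Set a secure PATH": with the environment pinned, backticks are accepted.
sub getwd_backticks {
    my $dir = `$PWD_BIN`;
    die "pwd failed (status $?)\n" if $? != 0 || !defined $dir;
    chomp $dir;
    return $dir;
}

# "Alternately": fork with a pipe from the child, then exec pwd directly.
# The indirect-object form of exec never hands the command to a shell.
sub getwd_forkopen {
    my $pid = open(my $fh, '-|');
    die "fork failed: $!\n" unless defined $pid;
    if ($pid == 0) {    # child: STDOUT is the write end of the pipe
        exec { $PWD_BIN } $PWD_BIN or die "exec $PWD_BIN failed: $!\n";
    }
    my $dir = <$fh>;
    close $fh or die "pwd exited with status $?\n";
    die "pwd printed nothing\n" unless defined $dir;
    chomp $dir;
    return $dir;
}

scrub_env();
print "backticks: ", getwd_backticks(), "\n";
print "fork-open: ", getwd_forkopen(), "\n";
```

The strings returned by both helpers are still tainted, since they come from a child process, and need an explicit pattern-match untaint before being used in anything that touches the file system or a shell.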