Search Perl pages
Professions, Sciences, Humanities, Business, ...
Text-based, GUI, Audio, Video, Keyboards, Mouse, Images,...
Conversions, tests, processing, manipulation,...
Integer, Floating point, Matrix, Statistics, Boolean, ...
Algorithms, Memory, Process control, Debugging, ...
Data storage, Integrity, Encryption, Compression, ...
Networks, protocols, Interprocess, Remote, Client Server, ...
Timing, Calendar and Clock, Audio, Video, Printer, Controls...
Management, Filtering, File & Directory access, Viewers, ...
Next: New Opcode module and revised Safe module
No glob() or <*>
These operators may spawn the
C shell (csh), which cannot be made safe. This
restriction will be lifted in a future version of Perl when globbing is
implemented without the use of an external program.
No spawning if tainted $CDPATH, $ENV, $BASH_ENV
These environment variables may alter the behavior of spawned programs (especially shells) in ways that subvert security. So now they are treated as dangerous, in the manner of
No spawning if tainted $TERM doesn't look like a terminal name
Some termcap libraries do unsafe things with
$TERM. However, it would be unnecessarily harsh to treat all
$TERM values as unsafe, since only shell metacharacters can cause trouble in
$TERM. So a tainted
$TERM is considered to be safe if it contains only alphanumerics, underscores, dashes, and colons, and unsafe if it contains other characters (including whitespace).
Source: what's new for perl5.004
Copyright: Larry Wall, et al.
Previous: Changes to tainting checks
(Corrections, notes, and links courtesy of RocketAware.com)
Up to: Directory Access
Up to: File Path Name Strings
Search | About | Comments | Submit Path: RocketAware > Perl >
RocketAware.com is a service of Mib Software
Copyright 2000, Forrest J. Cavalier III. All Rights Reserved.
We welcome submissions and comments