Find::File and taint mode

D

Dave Saville

I have a cgi script that uses File::Find.

find(\&wanted, 'D:/Apps/SouthSide/PMMail');

I am getting:

Insecure dependency in chdir while running with -T switch at
D:/usr/lib/perl/lib
/5.8.0/File/Find.pm line 807.

How can I get around this?

TIA

Regards

Dave Saville

NB switch saville for nospam in address
 
G

Gunnar Hjalmarsson

Dave said:
I have a cgi script that uses File::Find.

find(\&wanted, 'D:/Apps/SouthSide/PMMail');

I am getting:

Insecure dependency in chdir while running with -T switch at
D:/usr/lib/perl/lib
/5.8.0/File/Find.pm line 807.

How can I get around this?

By using the 'untaint' option. See the File::Find docs.
 
B

Ben Morrow

Gunnar Hjalmarsson said:
By using the 'untaint' option. See the File::Find docs.

You could also use the 'no_chdir' option, which may or may not be
safer...

Ben
 
D

Dave Saville

You could also use the 'no_chdir' option, which may or may not be
safer...

Thanks - but File: Find is so S L O W I am going to have to rethink it
anyway.

Regards

Dave Saville

NB switch saville for nospam in address
 
D

Dave Saville

What I don't understand is why perl thinks it is tainted - all I am
passing is a quoted string.

Regards

Dave Saville

NB switch saville for nospam in address
 
B

Ben Morrow

Dave Saville said:
What I don't understand is why perl thinks it is tainted - all I am
passing is a quoted string.

It's not that that's tainted: that string's fine. It's the next set of
strings: the list of directories in PMMail to recurse into. Since
those names have come from readdir, which brings data in from outside
the program, they're tainted. If you are *quite* sure that noone
untrusted can affect the names of those directories, then it is safe
to use the 'untaint' option.

Ben
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Members online

Forum statistics

Threads
473,744
Messages
2,569,483
Members
44,901
Latest member
Noble71S45

Latest Threads

Top