Insecure dependency in unlink while running with -T switch

Regent

I must say I'm a newbie, writing a script that tries to unlink a
particular file. Both the name of the file and that of the folder are
variable scalar strings. Now that I habitually write with -T and
strictures, I always get the error message "Insecure dependency in
unlink while running with -T switch". The relevant block of code:

    if ("$root/$uploadDir/$origfn" ne "")
    {
        my $toDel = "$root/$uploadDir/$origfn";
        unlink ($toDel) or die "$!";
    }

where $root is the root path of the web site, $uploadDir is a folder for
temporary uploads, $origfn is the name of the file to be deleted.

How do I solve this problem? Thanks
 
Gunnar Hjalmarsson

Regent said:
> I must say I'm a newbie, writing a script that tries to unlink a
> particular file. Both the name of the file and that of the folder
> are variable scalar strings. Now that I habitually write with -T
> and strictures, I always get the error message "Insecure dependency
> in unlink while running with -T switch".
>
> How do I solve this problem?

You learn how to untaint a tainted variable by studying "perldoc
perlsec". If you "habitually" have -T enabled, I can't believe that
you haven't done so before.
 
Joe Smith

Regent said:
> Both the name of the file and that of the folder are variable scalar strings.

If the variables are set from user input, they are tainted.

> I always get the error message "Insecure dependency in
> unlink while running with -T switch". The relevant block of code:
> my $toDel = "$root/$uploadDir/$origfn";
> unlink ($toDel) or die "$!";

Imagine that $root or $uploadDir has "../../../etc".
Perl is saying that you haven't done enough to eliminate that possibility.

> How do I solve this problem? Thanks

Follow the suggestions in the docs that describe the -T switch.
-Joe
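
The untainting that the replies above refer to, as an added example that is not part of any post in this thread: the file name is checked against an allow-list pattern and only the captured match is passed to unlink. The directory /tmp/upload-demo, the helper name safe_upload_path, the pattern and the sample names are assumptions made for the illustration.

```perl
#!/usr/bin/perl -T
# Added example, not code from the thread. Run as: perl -T untaint_unlink.pl
use strict;
use warnings;
use Scalar::Util qw(tainted);

# Assumption: the directory comes from trusted configuration (a literal here),
# never from the request, so only the file name has to be untainted.
my $upload_dir = '/tmp/upload-demo';   # hypothetical stand-in for "$root/$uploadDir"

# Hypothetical helper: return an untainted path inside $upload_dir,
# or undef when the name is not a single, plain file name.
sub safe_upload_path {
    my ($name) = @_;
    return unless defined $name;
    # Allow-list: one path component, no "/", no leading dot, at most 64 chars.
    # Only a value captured by a successful match ($1) loses its taint flag.
    return unless $name =~ /\A([A-Za-z0-9][A-Za-z0-9._-]{0,63})\z/;
    return "$upload_dir/$1";
}

# Constructed fixture: one file that a request is allowed to delete.
-d $upload_dir or mkdir($upload_dir, 0700) or die "mkdir $upload_dir: $!";
open(my $fh, '>', "$upload_dir/report.txt") or die "open: $!";
close $fh;

# Lines read from a filehandle are tainted under -T, like CGI parameters.
# The names after __DATA__ are constructed samples.
while (my $name = <DATA>) {
    chomp $name;
    my $path = safe_upload_path($name);
    if (!defined $path) {
        print "rejected: $name\n";
        next;
    }
    printf "accepted: %s (name tainted=%d, path tainted=%d)\n",
        $name, tainted($name) ? 1 : 0, tainted($path) ? 1 : 0;
    unlink($path) or warn "unlink $path: $!\n";
}
rmdir $upload_dir;

__DATA__
report.txt
../../../etc/passwd
.htaccess
```

The capture clears the taint flag only because `use re 'taint'` is not in effect; with that pragma the captured value stays tainted.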
 
John W. Krahn

Regent said:
> I must say I'm a newbie, writing a script that tries to unlink a
> particular file. Both the name of the file and that of the folder are
> variable scalar strings. Now that I habitually write with -T and
> strictures, I always get the error message "Insecure dependency in
> unlink while running with -T switch". The relevant block of code:
>
> if ("$root/$uploadDir/$origfn" ne "")

"$root/$uploadDir/$origfn" will NEVER be equal to "" because you have
two literal / characters in the string.


John
 
