C
ct
Hi,
I am using a setuid script. Inside the script I need to get a path
from a user defined environment variable and then append the executable
to that path and then issue the system command to execute it.
I won't know the path beforehand so I cannot use regular expression to
"untaint" it.
Any advise regarding how to get around it?
Thanks,
CT
I am using a setuid script. Inside the script I need to get a path
from a user defined environment variable and then append the executable
to that path and then issue the system command to execute it.
I won't know the path beforehand so I cannot use regular expression to
"untaint" it.
Any advise regarding how to get around it?
Thanks,
CT