taint mode and require using "."

[Asterbing]

Considering a script with a line like this :

require 'config.cgi';

When I activate the taint mode through "#!/usr/bin/perl -T" and adding
"use CGI::Carp qw/fatalsToBrowser/;" for the purpose to see tatal errors
on browser, I'm getting this error "Can't locate config.cgi in @INC".

According to what I've read, it seems normal since taint mode remove the
"." from @INC.

I don't wish to indicate an absolute path which would be to adjust for
every install on a new server, thus I've just modified the require line
like this : "require './config.cgi';

But... When I run the script now I'm just getting a direct perl.exe
crash without any message !

How to write this require line with taint mode ?

 

[Gunnar Hjalmarsson]

Considering a script with a line like this :

require 'config.cgi';

When I activate the taint mode through "#!/usr/bin/perl -T" and adding
"use CGI::Carp qw/fatalsToBrowser/;" for the purpose to see tatal errors
on browser, I'm getting this error "Can't locate config.cgi in @INC".

According to what I've read, it seems normal since taint mode remove the
"." from @INC.

You can add it:

use lib '.';

 

[Emmanuel Florac]

Le Wed, 05 Apr 2006 14:51:42 +0200, Gunnar Hjalmarsson a écrit :

You can add it:

use lib '.';

Nope, not in taint mode.

 

[Gunnar Hjalmarsson]

Le Wed, 05 Apr 2006 14:51:42 +0200, Gunnar Hjalmarsson a écrit :

Nope, not in taint mode.

C:\home>type test.pl
use lib '.';
grep $_ eq '.', @INC and print "Worked fine\n";

C:\home>perl -T test.pl
Worked fine

C:\home>

 

[Emmanuel Florac]

Le Wed, 05 Apr 2006 22:32:15 +0200, Gunnar Hjalmarsson a écrit :

C:\home>perl -T test.pl
Worked fine

Weird, didn't work last time I tried.

 

[robic0]

Considering a script with a line like this :

require 'config.cgi';

When I activate the taint mode through "#!/usr/bin/perl -T" and adding
"use CGI::Carp qw/fatalsToBrowser/;" for the purpose to see tatal errors
on browser, I'm getting this error "Can't locate config.cgi in @INC".

According to what I've read, it seems normal since taint mode remove the
"." from @INC.

I don't wish to indicate an absolute path which would be to adjust for
every install on a new server, thus I've just modified the require line
like this : "require './config.cgi';

But... When I run the script now I'm just getting a direct perl.exe
crash without any message !

How to write this require line with taint mode ?

Whats a taint mode? I hope this is not a word from Perl.
If it is, then Perl really does suck rancid wet dogshit.

 

[Tad McClellan]

Whats a taint mode?

perldoc perlsec

 

[Joe Smith]

Whats a taint mode? I hope this is not a word from Perl.
If it is, then Perl really does suck rancid wet dogshit.

And you've never watched a courtroom drama where the
judge disallows the use of "tainted evidence", right?

Taint: place under suspicion or cast doubt upon, as
in unreliable testimony.

Anyone who does not accept 'taint' as a valid word
really does suck rancid wet robicshit.

 

[robic0]

And you've never watched a courtroom drama where the
judge disallows the use of "tainted evidence", right?

Taint: place under suspicion or cast doubt upon, as
in unreliable testimony.

Anyone who does not accept 'taint' as a valid word
really does suck rancid wet robicshit.

^^^^^
blow me scumbag.

 

[robic0]

perldoc perlsec

taint true, just taint... hehehe