M
Matthew Braid
Hi all,
I was just trolling through my messages file recently and noticed that
ever since I upgraded from 5.8.0 to 5.8.1 I've been getting a lot of
'Insecure dependency' (ie taint) errors from one of my daemon scripts.
On closer inspection I narrowed it down to an exec call in MIME::Lite.
This chunk of code had not produced an error before while taint mode is
on (and in fact the comments around that chunk of code basically said
'Run sendmail in a taint-safe fashion').
Has exec become more taint-aware between 5.8.0 and 5.8.1?
I worked around it by untainting everything passed to exec, but it was a
little surprising and I haven't seen anything mentioned about the change
in documentation.
MB
I was just trolling through my messages file recently and noticed that
ever since I upgraded from 5.8.0 to 5.8.1 I've been getting a lot of
'Insecure dependency' (ie taint) errors from one of my daemon scripts.
On closer inspection I narrowed it down to an exec call in MIME::Lite.
This chunk of code had not produced an error before while taint mode is
on (and in fact the comments around that chunk of code basically said
'Run sendmail in a taint-safe fashion').
Has exec become more taint-aware between 5.8.0 and 5.8.1?
I worked around it by untainting everything passed to exec, but it was a
little surprising and I haven't seen anything mentioned about the change
in documentation.
MB