
Journal of ddick (5726)

Sunday June 17, 2007
07:39 AM

fun with taint and Getopt::Long

[ #33539 ]
Save the following code as test.pl:

#! /usr/bin/perl -wT

use Getopt::Long();
use strict;

$ENV{'PATH'} = '/bin:/usr/bin:/sbin';
delete @ENV{'IFS', 'CDPATH', 'ENV', 'BASH_ENV'};

MAIN: {
        my ($file);
        Getopt::Long::GetOptions('file:s', \$file);
        system("echo $file");
}

Run the following commands:

$ test.pl --file blah
Insecure dependency in system while running with -T switch at test.pl line 12.
$ test.pl --file=blah
blah
$ perl -e 'print "Wtf???\n";'

Reader comment: … that it's because in the --file=blah case, the parameter gets extracted with a regex match and in the --file blah case, it's just taken verbatim from @ARGV.
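As an added example (not code from the original post or its commenter), the following script reports whether the value Getopt::Long hands back is still tainted, then untaints it explicitly with its own regex capture and passes it to the list form of system(), so the outcome no longer depends on which option syntax the caller used. It assumes Scalar::Util's tainted() and a conservative filename character class of the author's choosing.

```perl
#!/usr/bin/perl -wT
# Added example (not from the original post): inspect whether the option
# value is tainted, then untaint it explicitly before it reaches system().
use strict;
use warnings;
use Getopt::Long ();
use Scalar::Util qw(tainted);

$ENV{'PATH'} = '/bin:/usr/bin:/sbin';
delete @ENV{'IFS', 'CDPATH', 'ENV', 'BASH_ENV'};

# Validate and untaint: only a conservative filename character class
# (an assumption for this example) is accepted; the regex capture is
# what clears the taint flag, regardless of how the value arrived.
sub untaint_filename {
    my ($value) = @_;
    defined $value or die "no --file given\n";
    my ($clean) = $value =~ /\A([\w.\-]+)\z/
        or die "refusing unsafe --file value: '$value'\n";
    return $clean;
}

MAIN: {
    my ($file);
    Getopt::Long::GetOptions('file:s' => \$file)
        or die "usage: $0 --file NAME\n";

    # Report what Getopt::Long handed back: whether it is tainted depends
    # on whether the value came verbatim from @ARGV or via a regex match.
    printf "value from Getopt::Long is %s\n",
        tainted($file) ? 'tainted' : 'not tainted';

    my $clean = untaint_filename($file);

    # List-form system() bypasses the shell entirely, so even an untainted
    # value cannot be reinterpreted as shell metacharacters.
    system('echo', $clean) == 0
        or die "echo failed: $?\n";
}
```

Run it as ./script.pl --file blah and ./script.pl --file=blah to compare the reported taint state; both paths now print the value because the explicit untaint, not Getopt::Long's parsing, decides what reaches system().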