Stories
Slash Boxes
Comments
NOTE: use Perl; is on undef hiatus. You can read content, but you can't post it. More info will be forthcoming forthcomingly.

All the Perl that's Practical to Extract and Report

The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
 Full
 Abbreviated
 Hidden
More | Login | Reply
Loading... please wait.
  • IIRC PERL5LIB and the like are always stripped out, and you can't disable this, for obvious security reasons.
    • Well, not on FC3, thank god:

         $ export PERL5LIB=foo
         $ sudo bash -c 'echo $PERL5LIB'
         foo

      As far as doing this for "security reasons", meh. Giving a user sudo access is just asking for a security elevation attack. Making it a little harder by restricting environment vars isn't buying all that much.

      -sam

      • I strongly disagree with that. sudo 1.6.8p12 blocks PERL5LIB and PERL5OPT (and ENV, BASH_ENV, SHELLOPTS, etc., see env.c in the sources.) If you don't do that, you can't give sudo access to any program written in perl without the risk of it loading untrusted code (e.g. via PERL5OPT=-MNasty::Module), even if this Perl program is a very simple, taint-checked and carefully crafted script.
        • You strongly disagree with what exactly? My statement was a statement of fact regarding Fedora Core 3 and whatever version of sudo is running there (I'd check but I'm on a Windows box at the moment). I think I've demonstrated that what I said was true. Is there something wrong with the way I'm testing perhaps?

          -sam