No glob() or <*>

These operators may spawn the C shell (csh), which cannot be made safe. This restriction will be lifted in a future version of Perl when globbing is implemented without the use of an external program.

No spawning if tainted $CDPATH, $ENV, $BASH_ENV

These environment variables may alter the behavior of spawned programs (especially shells) in ways that subvert security. So now they are treated as dangerous, in the manner of $IFS and $PATH.

No spawning if tainted $TERM doesn't look like a terminal name

Some termcap libraries do unsafe things with $TERM. However, it would be unnecessarily harsh to treat all $TERM values as unsafe, since only shell metacharacters can cause trouble in $TERM. So a tainted $TERM is considered to be safe if it contains only alphanumerics, underscores, dashes, and colons, and unsafe if it contains other characters (including whitespace).
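
The following is an added example, not code from perldelta or the Perl distribution: a taint-mode script that prepares its environment for the three checks above before spawning a child. The helper names (safe_term, scrub_env, list_matching), the PATH value and the use of /bin/echo are assumptions made for illustration.

```perl
#!/usr/bin/perl -T
# Added example: satisfying the taint checks described above before spawning.
use strict;
use warnings;

# Apply the $TERM rule stated above: only alphanumerics, underscores, dashes
# and colons are acceptable. Returns the untainted capture, or undef.
sub safe_term {
    my ($term) = @_;
    return undef unless defined $term;
    return $term =~ /\A([A-Za-z0-9_:-]+)\z/ ? $1 : undef;
}

# Build a clean environment before any system(), exec(), backticks or piped open.
sub scrub_env {
    # Variables that can change how a spawned shell behaves.
    delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};
    # Assumption: these are the trusted directories on this host.
    $ENV{PATH} = '/bin:/usr/bin';
    my $term = safe_term($ENV{TERM});
    if (defined $term) { $ENV{TERM} = $term } else { delete $ENV{TERM} }
    return;
}

# Match file names without glob() or <*>, so no external shell is involved.
sub list_matching {
    my ($dir, $re) = @_;
    opendir(my $dh, $dir) or die "cannot open $dir: $!";
    my @names = sort grep { /$re/ } readdir $dh;
    closedir $dh;
    return @names;
}

scrub_env();

# Constructed sample values exercising the $TERM rule.
for my $t ('xterm-256color', 'vt100', 'xterm; id', 'ansi color') {
    printf "%-18s %s\n", "'$t'", defined(safe_term($t)) ? 'accepted' : 'rejected';
}

print "$_\n" for list_matching('.', qr/\.pl\z/);

# List form of system(): the arguments are not passed through a shell.
system('/bin/echo', 'child spawned with a scrubbed environment') == 0
    or die "spawn failed: $?";
```

Run it as `perl -T script.pl` or as an executable file, since perl refuses a -T that appears only on the #! line when the script is started as `perl script.pl`.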
Source: what's new for perl5.004 Copyright: Larry Wall, et al.
(Corrections, notes, and links courtesy of RocketAware.com)
RocketAware.com is a service of Mib Software Copyright 2000, Forrest J. Cavalier III. All Rights Reserved.