Re: running perl script as sudo
Re: running perl script as sudo
- Subject: Re: running perl script as sudo
- From: Sherm Pendley <email@hidden>
- Date: Wed, 19 Nov 2003 14:28:12 -0500
On Nov 15, 2003, at 3:12 PM, Cory Forsyth wrote:
But, in addition to giving me the "locale" warnings, it also says:
"Insecure $ENV{PATH} while running setuid at
/Users/blah/authPerlTest/build/authTest.app/Contents/Resources/
perltest.pl line 5."
Have you tried Perl's "splain" tool to get a more informative
description of the error?
Sherm-Pendleys-Computer:~ sherm$ splain
/usr/bin/splain: Reading from STDIN
Insecure $ENV{PATH} while running setuid at
/UseInsecure $ENV{PATH} while running setuid at (#1)
(F) You can't use system(), exec(), or a piped open in a setuid or
setgid script if any of $ENV{PATH}, $ENV{IFS}, $ENV{CDPATH},
$ENV{ENV}, $ENV{BASH_ENV} or $ENV{TERM} are derived from data
supplied (or potentially supplied) by the user. The script must set
the path to a known value, using trustworthy data. See perlsec.
Essentially, your script *is* being run with root privileges, which
activates Perl's "taint" mode. In "taint" mode, Perl imposes some
restrictions on what can be done with data obtained from the user.
See the 'perlsec' man (or perldoc) page for details about Perl's
"taint" mode.
sherm--
_______________________________________________
cocoa-dev mailing list | email@hidden
Help/Unsubscribe/Archives:
http://www.lists.apple.com/mailman/listinfo/cocoa-dev
Do not post admin requests to the list. They will be ignored.