<p>Your question is not really related to taint mode. You set </p>
<pre><code>$ENV{PATH}="/usr/bin:/bin:/sbin:/usr/sbin";
</code></pre>
<p>These directories do not normally exist on a Windows machine. <code>dir</code> is a cmd.exe internal command so to be able to execute that, you need to add the directory where it resides to the path.</p>
<p>Now, note that the way you go about doing it contradicts the whole point of setting the path to known definite locations. It is definitely possible for a nefarious user to change this environment variable to point to his dangerous version of <code>dir</code>.</p>
<p>The fact that Windows is not necessarily installed in C:\Windows complicates writing a taint-safe script on Windows if you rely on any of the shell builtins.</p>
<p><strong>EDIT:</strong> Here is a short test program you can use as a baseline:</p>
<pre><code>#!/usr/bin/perl -T

use strict;
use warnings;

$ENV{PATH} = join(';', qw(C:\Windows C:\Windows\System32) );
delete @ENV{'IFS', 'CDPATH', 'ENV', 'BASH_ENV'};

open my $pipe_h, '-|', 'dir'
    or die "Cannot open pipe to dir: $!";

print while &lt;$pipe_h&gt;;

close $pipe_h
    or die "Cannot close pipe to dir: $!";

__END__

C:\Temp&gt; perl -T v.pl
...
2009/05/25 08:58 AM 3,584 zzz.exe
64 File(s) 32,125,365 bytes
14 Dir(s) 39,251,894,272 bytes free
</code></pre>
<p>Basically, what you need is for the system administrator to hardcode the acceptable path at installation time and for untrusted users not to have write permissions on the script.</p>
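One way to apply the closing advice, as an added example that is not part of the original answer: the search path is derived only from a constant the administrator sets at installation time and is checked before use. It assumes a Windows perl; `$SYSTEM_ROOT`, `trusted_dirs` and `check_dirs` are hypothetical names, and `C:\Windows` is a placeholder for the real system root.

```perl
#!/usr/bin/perl -T
use strict;
use warnings;
use File::Spec;

# Assumption: written by the administrator at installation time.
# Placeholder value; Windows is not necessarily installed here.
my $SYSTEM_ROOT = 'C:\Windows';

# Derive the search path from the constant only, never from %ENV:
# SystemRoot, windir and ComSpec are all under the caller's control.
sub trusted_dirs {
    my ($root) = @_;
    return ($root, File::Spec->catdir($root, 'System32'));
}

# Accept only absolute, existing directories with no . or .. components.
sub check_dirs {
    my @dirs = @_;
    for my $dir (@dirs) {
        die "Not an absolute path: $dir\n"
            unless File::Spec->file_name_is_absolute($dir);
        die "Relative component in: $dir\n"
            if $dir =~ m{(?:^|[\\/])\.\.?(?:[\\/]|$)};
        die "Missing directory: $dir\n" unless -d $dir;
    }
    return @dirs;
}

my @dirs = check_dirs(trusted_dirs($SYSTEM_ROOT));

# dir is a cmd.exe builtin, so cmd.exe must be reachable through PATH.
my $cmd = File::Spec->catfile($dirs[1], 'cmd.exe');
die "Missing $cmd\n" unless -f $cmd;

$ENV{PATH} = join ';', @dirs;
delete @ENV{'IFS', 'CDPATH', 'ENV', 'BASH_ENV'};
# perlrun recommends explicitly setting or deleting PERL5SHELL
# when running in taint mode under Windows.
delete $ENV{PERL5SHELL};

open my $pipe_h, '-|', 'dir'
    or die "Cannot open pipe to dir: $!";
print while <$pipe_h>;
close $pipe_h
    or die "Cannot close pipe to dir: $!";
```

The constant only protects anything if untrusted users cannot write to the script file or to the directories it names.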