Ok, here's a simple Perl script:
---
#!/usr/bin/perl
print `whereis whereis`;
---
This prints the results of the whereis command. Now let's add the '-T' to do taint checking:
---
#!/usr/bin/perl -T
print `whereis whereis`;
---
You should get an error message "Insecure $ENV{PATH} while running with -T switch ..." 'cause that's what '-T' is there for.
Now let's run the same script using Persistent Perl (or is it SpeedyCGI?? Who can tell these days...).
---
#!/usr/bin/perperl -T
print `whereis whereis`;
---
What happened to the taint error?!? It's as if -T never existed and near as I can tell, there's no way to pass the option directly into SpeedyCGI (or is it Persistent Perl...)
To me this says serious security risk.
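A guard for the situation described in this post, added here as an example and not part of the original post or of the SpeedyCGI/PersistentPerl code: the script checks Perl's own `${^TAINT}` variable at compile time and refuses to run when the `-T` on the `#!` line was not honoured, whichever interpreter launched it. The fixed `PATH` value is an assumption about where `whereis` lives.

```perl
#!/usr/bin/perl -T
# Added example (not from the original post): fail closed unless taint
# checking is really active in whichever interpreter runs this script.
use strict;
use warnings;
use Scalar::Util qw(tainted);

BEGIN {
    # ${^TAINT} is 1 under -T, -1 under -t (warnings only), 0 when off.
    # Refuse to run at all if the -T on the #! line was not honoured.
    die "Taint mode is not enforced (\${^TAINT}=${^TAINT}); refusing to run\n"
        unless ${^TAINT} == 1;
}

# Cross-check: environment data must be tainted when -T is honoured.
die "PATH is not tainted; taint tracking looks broken\n"
    if defined $ENV{PATH} && !tainted($ENV{PATH});

# With taint on, give child processes a fixed environment (as perlsec
# recommends) before using backticks; this is what clears the
# "Insecure $ENV{PATH}" error instead of silently skipping the check.
$ENV{PATH} = '/usr/bin:/bin';    # assumed location of whereis
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};

print `whereis whereis`;
```

Run with the shebang changed to the persistent interpreter, the script either prints the `whereis` result with taint checking active or dies with the "not enforced" message, so a silently ignored `-T` becomes a visible failure.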