jsb@cs.brown.edu (John Bazik) (11/07/90)
In moving some scripts I wrote under pl18 to pl37, I ran across this: Insecure PATH at /cs/lib/admin/perl/file.pl line 458. The offending statement is: sub main'getwd { >>> $_ = `/usr/bin/pwd`; chop; return $_; } I think it's safe to trust pwd. How do I tell perl to let this go?? If only getwd was built-in... John Bazik jsb@cs.brown.edu
lwall@jpl-devvax.JPL.NASA.GOV (Larry Wall) (11/07/90)
In article <55514@brunix.UUCP> jsb@cs.brown.edu (John Bazik) writes:
: In moving some scripts I wrote under pl18 to pl37, I ran across this:
:
: Insecure PATH at /cs/lib/admin/perl/file.pl line 458.
:
: The offending statement is:
:
: sub main'getwd {
: >>> $_ = `/usr/bin/pwd`;
: chop;
: return $_;
: }
:
: I think it's safe to trust pwd. How do I tell perl to let this go??
Set a secure PATH... 1/3 :-)
Alternately, say
open(PWD,"-|") || exec '/usr/bin/pwd', 'dummy';
chop($_ = <PWD>);
close PWD;
: If only getwd was built-in...
If I build it in, people will misuse it. Better they call `pwd` so they
*know* it's inefficient.
I already have too much problem with people thinking the efficiency of
a perl construct is related to its length.
On the other hand, I'm perfectly capable of changing my mind next week... :-)
Larry