jsb@cs.brown.edu (John Bazik) (11/07/90)
In moving some scripts I wrote under pl18 to pl37, I ran across this:
Insecure PATH at /cs/lib/admin/perl/file.pl line 458.
The offending statement is:
sub main'getwd {
>>> $_ = `/usr/bin/pwd`;
chop;
return $_;
}
I think it's safe to trust pwd. How do I tell perl to let this go??
If only getwd was built-in...
John Bazik
jsb@cs.brown.edulwall@jpl-devvax.JPL.NASA.GOV (Larry Wall) (11/07/90)
In article <55514@brunix.UUCP> jsb@cs.brown.edu (John Bazik) writes:
: In moving some scripts I wrote under pl18 to pl37, I ran across this:
:
: Insecure PATH at /cs/lib/admin/perl/file.pl line 458.
:
: The offending statement is:
:
: sub main'getwd {
: >>> $_ = `/usr/bin/pwd`;
: chop;
: return $_;
: }
:
: I think it's safe to trust pwd. How do I tell perl to let this go??
Set a secure PATH... 1/3 :-)
Alternately, say
open(PWD,"-|") || exec '/usr/bin/pwd', 'dummy';
chop($_ = <PWD>);
close PWD;
: If only getwd was built-in...
If I build it in, people will misuse it. Better they call `pwd` so they
*know* it's inefficient.
I already have too much problem with people thinking the efficiency of
a perl construct is related to its length.
On the other hand, I'm perfectly capable of changing my mind next week... :-)
Larry