Tainted variable problem (PERL)
Hi all,
some unusual problem. I have written a script without any -T but still it is doing taint checking...
I am passing directory name like /abc/foo/ as command line param, then it is accessed in the script using ARGV[1];
e.g. my $a = $ARGV[1];
when I use $a, it gives Insecure dependency in `` while running with -T switch.
Why ??? I am not using -T either.
Any help will be appreciated.
Code snippet is below:
my $ROOT_FS = $ARGV[1];
# setting some initial environment settings
# first changing to root
my $ruid = $<;
$<=$>;
# executing priveleged commands
system ("chown", "-R", "root:root", $ROOT_FS);
system ("chmod", "-R", "777", $ROOT_FS);
my $logfile = $ROOT_FS."temp/root_fs2/mnt/tmp/resultlog";
system (">$logfile");
# restoring ruid
$<=$ruid;
it gives error messages from all system commands. It is executed y user apache and the script needs root privilege to run the commands.
rajat garg
|