I was auditing some Apache::Registry-based scripts for our website
and was shocked by the lack of input checking (think the worst
possible: open "|mail $foo"). In an ideal world I would turn
PerlTaintCheck On immediately and spend a couple weeks fixing
everything that broke. I do not live in an ideal world. Is there
a way to turn on taint checking on a per-script basis? The guide
mentions that -T doesn't work under mod_perl. The best way I could
think of would be something like
<Files /cgi-bin/please_hack_us.pl>
PerlTaintCheck On
</Files>
Is there a better way?
--
markw@horvitznewspapers.net
Unfurnished treeless barren ball.
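
The `open "|mail $foo"` pattern mentioned in the post, next to a hardened form, as an added example that is not part of the original message. The names `untaint_address` and `send_notice`, the PATH value, and the sample inputs are assumptions made for illustration; the validation works the same whether or not taint checking is enabled.

```perl
#!/usr/bin/perl
# Added example (not from the original post). Run as: perl -T example.pl
use strict;
use warnings;

# Under taint mode Perl refuses to run commands with an inherited PATH,
# so pin it and drop the variables a shell would honour.
# Assumption: the mail binary lives in /usr/bin or /bin.
$ENV{PATH} = '/usr/bin:/bin';
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};

# Return an untainted address, or undef if the input is not a plain address.
# The pattern is deliberately strict: no whitespace, no shell metacharacters,
# and no leading '-' that the mailer could read as an option.
sub untaint_address {
    my ($input) = @_;
    return undef unless defined $input;
    if ($input =~ /\A([A-Za-z0-9][A-Za-z0-9._+-]*\@[A-Za-z0-9][A-Za-z0-9.-]*)\z/) {
        return $1;    # a regex capture is how taint mode clears the taint flag
    }
    return undef;
}

# Before: open(MAIL, "|mail $foo") passes the whole string to /bin/sh.
# After:  validate first, then use the list form of a pipe open (Perl 5.8+),
#         which execs the program directly with the address as one argument.
sub send_notice {
    my ($foo, $body) = @_;
    my $addr = untaint_address($foo);
    return 0 unless defined $addr;
    open(my $mail, '|-', 'mail', $addr) or die "cannot run mail: $!";
    print {$mail} $body;
    return close($mail) ? 1 : 0;
}

# Constructed sample inputs: only the first one passes validation.
for my $candidate ('reader@example.com', 'x@example.com; echo injected', '-f@example.com') {
    my $verdict = defined(untaint_address($candidate)) ? 'accepted' : 'rejected';
    printf "%-32s %s\n", $candidate, $verdict;
}
```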