[Bioperl-l] Bio-perl and webpages?
Jérémy JUST
jeremy_just at netcourrier.com
Tue Jul 19 11:25:32 EDT 2005
On Tue, 19 Jul 2005 15:31:05 +0100
Paulo Almeida <palmeida at igc.gulbenkian.pt> wrote:
> Insecure $ENV{PATH} while running with -T switch at
> /usr/local/share/perl/5.8.4/Bio/Tools/Run/Alignment/Clustalw.pm line
> 556, <GEN0> line 2.
>
> I wouldn't mind hardcoding the path of Clustal, but I couldn't figure
> out a way to do it, or to untaint the variable. Can anyone help?
The content of %ENV is considered unsafe, since it comes from
outside your program.

One secure way of untainting the PATH is to set it at the beginning of
your code:

    $ENV{PATH} = '/bin:/usr/bin:/usr/local/bin';

I think you are bound to hardcode the PATH into your program for it to
be really safe.

I've seen another solution in the SpamAssassin code: it checks each
element of the PATH to verify that there are no world-writable or
group-writable directories in it.

See also perldoc perlsec for more details.
--
Jérémy JUST <jeremy_just at netcourrier.com>
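
The two approaches from the reply above, as an added example that is not part of the original thread and is not SpamAssassin's code: a fixed PATH, and a filter that keeps only PATH entries that are not group- or world-writable. The helper name safe_path_dirs and the sample PATH value are assumptions made for illustration.

```perl
#!/usr/bin/perl -T
use strict;
use warnings;

# Hypothetical helper: keep only PATH entries that are absolute, existing
# directories which are neither group- nor world-writable.
# The values it returns are untainted.
sub safe_path_dirs {
    my ($path) = @_;
    my @ok;
    for my $dir (split /:/, $path) {
        # Conservative character whitelist; the regex capture is what
        # untaints the value under -T. Relative and empty entries fail here.
        next unless $dir =~ m{^(/[\w./+-]*)$};
        my $clean = $1;
        next if $clean =~ m{(?:^|/)\.\.?(?:/|$)};  # no "." or ".." components
        my @st = stat($clean);                     # stat follows symlinks
        next unless @st && -d _;                   # must exist and be a directory
        next if $st[2] & 022;                      # group- or world-write bit set
        push @ok, $clean;
    }
    return @ok;
}

# Variables perlsec recommends removing before running external programs.
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};

# Option 1: a fixed PATH, as recommended in the reply.
$ENV{PATH} = '/bin:/usr/bin:/usr/local/bin';

# Option 2: filter an inherited PATH. The value below is a constructed
# sample; in a real program pass the inherited $ENV{PATH} to the helper
# before overwriting it.
my $inherited = '/usr/bin:/tmp:.:bin:/no/such/dir:/usr/local/bin';
my @kept = safe_path_dirs($inherited);
print "kept: @kept\n";
$ENV{PATH} = join ':', @kept if @kept;
```

The filter checks only the mode bits of each directory itself, not its owner or its parent directories, so the fixed PATH remains the stricter choice.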