[Bioperl-l] Bio-perl and webpages?
Paulo Almeida
palmeida at igc.gulbenkian.pt
Tue Jul 19 14:45:31 EDT 2005
Hey,
I did what you said and it seems to be working. Thank you very much. I
changed things in Clustalw.pm back and forth and never thought of trying to
solve the problem within my script.
-- Paulo
On Tuesday 19 July 2005 16:25, Jérémy JUST wrote:
> On Tue, 19 Jul 2005 15:31:05 +0100
>
> Paulo Almeida <palmeida at igc.gulbenkian.pt> wrote:
> > Insecure $ENV{PATH} while running with -T switch at
> > /usr/local/share/perl/5.8.4/Bio/Tools/Run/Alignment/Clustalw.pm line
> > 556, <GEN0> line 2.
> >
> > I wouldn't mind hardcoding the path of Clustal, but I couldn't figure
> > out a way to do it, or to untaint the variable. Can anyone help?
>
> The content of %ENV is considered as unsafe, since it comes from
> outside your program.
> One secure way of untainting the PATH is to set it at the beginning of
> your code:
>
> $ENV{PATH} = '/bin:/usr/bin:/usr/local/bin' ;
>
>
> I think you are bound to hardcode the PATH into your program for it to
> be really safe.
> I've seen another solution in the SpamAssassin code: it checks each
> element of the PATH to verify that there is no world-writable or
> group-writable directories in it.
>
>
> See also perldoc perlsec for more details.
More information about the Bioperl-l
mailing list