diff options
author | markm <markm@FreeBSD.org> | 1999-07-19 18:17:54 +0000 |
---|---|---|
committer | markm <markm@FreeBSD.org> | 1999-07-19 18:17:54 +0000 |
commit | 7703f6a267bf5a07cc8b478b9f943cd027efb24a (patch) | |
tree | a3d49fd9082b3992348323c25d696c88d4f0cadf /contrib/perl5 | |
parent | 2d7803cd6ba4df3c6e8ee2495adc4f0d329a13fe (diff) | |
download | FreeBSD-src-7703f6a267bf5a07cc8b478b9f943cd027efb24a.zip FreeBSD-src-7703f6a267bf5a07cc8b478b9f943cd027efb24a.tar.gz |
Fix a problem where commands in backticks `` wont get executed in taint
mode because of an insecure path.
Reported by: George Cox
Diffstat (limited to 'contrib/perl5')
-rw-r--r-- | contrib/perl5/lib/Sys/Hostname.pm | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/contrib/perl5/lib/Sys/Hostname.pm b/contrib/perl5/lib/Sys/Hostname.pm index 95f9a99..f8e9095 100644 --- a/contrib/perl5/lib/Sys/Hostname.pm +++ b/contrib/perl5/lib/Sys/Hostname.pm @@ -93,14 +93,20 @@ sub hostname { # method 3 - trusty old hostname command || eval { + $pathstack = $ENV{'PATH'}; + $ENV{'PATH'} = "/bin:/usr/bin"; local $SIG{__DIE__}; $host = `(hostname) 2>/dev/null`; # bsdish + $ENV{'PATH'} = $pathstack; } # method 4 - sysV uname command (may truncate) || eval { + $pathstack = $ENV{'PATH'}; + $ENV{'PATH'} = "/bin:/usr/bin"; local $SIG{__DIE__}; $host = `uname -n 2>/dev/null`; ## sysVish + $ENV{'PATH'} = $pathstack; } # method 5 - Apollo pre-SR10 |