First system details:
Windows 2000
mod_perl2 (Perl 5.8.0 and Apache2)
CGI scripts are set to execute via the "ScriptInterpreterSource registry" setting pointing them to the perl interpreter. However, I'm interested in having some scripts, not all, use taint mode. I don't want to have to deal with it in simple test scripts, but I would like it available in production-level scripts.
If I include a shebang at the top, such as:
it fails to execute, dropping this message:
First off, it shouldn't even be looking at that. It's far from a valid path on this system, and since it used the registry, that line should be nothing more than another comment.
I assume from that error that taint must be turned on at execution time and can't be done from within code (though I hope not). But since I'm using the registry to launch the scripts, I don't want to set that option there for ALL scripts to run with, so I'm back to the beginning again. It feels like it's something simple I'm overlooking.
Can taint be turned on from the code body during execution, or is there some other way to set this for a script?
----------------------------------------------------------------------------------
...but I'm just a C man trying to see the light
Windows 2000
mod_perl2 (Perl 5.8.0 and Apache2)
CGI scripts are set to execute via the "ScriptInterpreterSource registry" setting pointing them to the perl interpreter. However, I'm interested in having some scripts, not all, use taint mode. I don't want to have to deal with it in simple test scripts, but I would like it available in production-level scripts.
If I include a shebang at the top, such as:
Code:
#!/usr/bin/perl -T
Code:
Too late for "-T" option at test.cgi line 1.
I assume from that error that taint must be turned on at execution time and can't be done from within code (though I hope not). But since I'm using the registry to launch the scripts, I don't want to set that option there for ALL scripts to run with, so I'm back to the beginning again. It feels like it's something simple I'm overlooking.
Can taint be turned on from the code body during execution, or is there some other way to set this for a script?
----------------------------------------------------------------------------------
...but I'm just a C man trying to see the light