Ask a Question related to PERL Beginners, Design and Development.
-
Marcus Willemsen #1
Trouble with -T switch
Hi everybody,
I'm having trouble with setting the path to my sendmail program when using the -T switch. It's a simple script that creates a from, asks for an email adresse and sends an answer after the form was submitted. I keep getting the following error message although I've set the $ENV{'PATH'} in the script. Can anyone help?
Error message:
Insecure directory in $ENV{PATH} while running with -T switch at /usr/local/httpd/cgi-bin/subscribe.pl line 45.
Here is a part of the code
________snippet______
#!/usr/bin/perl -wT
#Pull in modules, create form etc.
sub send_mail {
my $a = shift;
$a = check($a); #sub that check's the email adress
print ("Thank your for ordering our Newsletter.");
$ENV{'PATH'} = "|/usr/sbin/sendmail -oi -t -odq";
open(SENDMAIL, "$ENV{'PATH'}") or die "Can't fork for sendmail: $!\n"; print SENDMAIL <<"FILE";
From: JUVE Newsline <juve-newsline\@juve.de>
To: <$a>
..
..etc
}
_____Snippet______
Thanks Marcus
Marcus Willemsen
Online Redaktion
Juve Verlag GmbH
Sachsenring. 6
50677 Köln
++49 (0)221 91 38 80 16
[url]www.juve.de[/url]
Geschäftsführer: Dr. Astrid Gerber, Dr. Aled W. Griffiths
Sitz der Gesellschaft: Köln
Amtsgericht Köln HRB 29593, Gerichtsstand: Köln
Bankverbindung: Stadtsparkasse Köln, BLZ 37050198, Kto-Nr. 4772281
Marcus Willemsen Guest
-
Switch question
In some languages, you can do the following in a Switch statement...is there a way to do this in PHP? Thanks in advance switch($voteraction){... -
RCR: New interpreter switch
One place where perl's heavy use of implicit variables scores is in quick one-liners from the command prompt. I think ruby would be more appealing... -
Switch to 12" G4 - ?'s
I am looking for an ultraportable to do powerpoint and word on, and take on the road for presentations, It must work flawlessly with my desktop... -
Trying to use a here doc within a switch
I'm trying to use here docs within a switch to output html. The code below works (i.e. prints a Foo1 headline below my tab graphic) but if I take... -
VisualAge 6 installation trouble on aix 5.2, gcc trouble too :)
I've installed gcc 3.x from UCLA site. and I got this error - In file included from test.c:23: /usr/include/pthread.h:554: error: parse error... -
Wiggins D Anconia #2 Re: Trouble with -T switch
> Hi everybody,
using the -T switch. It's a simple script that creates a from, asks for>
> I'm having trouble with setting the path to my sendmail program when
an email adresse and sends an answer after the form was submitted. I
keep getting the following error message although I've set the
$ENV{'PATH'} in the script. Can anyone help?/usr/local/httpd/cgi-bin/subscribe.pl line 45.>
> Error message:
> Insecure directory in $ENV{PATH} while running with -T switch at$!\n"; print SENDMAIL <<"FILE";>
> Here is a part of the code
> ________snippet______
>
> #!/usr/bin/perl -wT
> #Pull in modules, create form etc.
>
>
> sub send_mail {
> my $a = shift;
> $a = check($a); #sub that check's the email adress
> print ("Thank your for ordering our Newsletter.");
> $ENV{'PATH'} = "|/usr/sbin/sendmail -oi -t -odq";
> open(SENDMAIL, "$ENV{'PATH'}") or die "Can't fork for sendmail:You haven't shown us where you are untainting $ENV{'PATH'}... I assume> From: JUVE Newsline <juve-newsline\@juve.de>
> To: <$a>
> .
> .etc
>
> }
> _____Snippet______
you have read perldoc taint ??
How about not shelling out to sendmail in the above manner at all, and
instead use a module to send your messages? There are many available
and unless you are a Sendmail pro you shouldn't bother with it directly.
[url]http://danconia.org[/url]
Wiggins D Anconia Guest
-
Marcus Willemsen #3 RE: Trouble with -T switch
> > Hi everybody,
I'm not explicitly untainting $ENV{'PATH'}. As far as I understood> using the -T switch. It's a simple script that creates a> >
> > I'm having trouble with setting the path to my sendmail program when
> from, asks for an email adresse and sends an answer after the
> form was submitted. I keep getting the following error
> message although I've set the $ENV{'PATH'} in the script. Can
> anyone help?> /usr/local/httpd/cgi-bin/subscribe.pl line 45.> >
> > Error message:
> > Insecure directory in $ENV{PATH} while running with -T switch at> $!\n"; print SENDMAIL <<"FILE";> >
> > Here is a part of the code
> > ________snippet______
> >
> > #!/usr/bin/perl -wT
> > #Pull in modules, create form etc.
> >
> >
> > sub send_mail {
> > my $a = shift;
> > $a = check($a); #sub that check's the email adress
> > print ("Thank your for ordering our Newsletter.");
> > $ENV{'PATH'} = "|/usr/sbin/sendmail -oi -t -odq";
> > open(SENDMAIL, "$ENV{'PATH'}") or die "Can't fork for sendmail:>> > From: JUVE Newsline <juve-newsline\@juve.de>
> > To: <$a>
> > .
> > .etc
> >
> > }
> > _____Snippet______
> You haven't shown us where you are untainting $ENV{'PATH'}...
> I assume you have read perldoc taint ??
Programming Perl setting the path is enough, but apparently it is not. I
thought only data has to be untained?
I would love to use Mail::Mailer or MimeLite but we are having a bit of>
> How about not shelling out to sendmail in the above manner at
> all, and instead use a module to send your messages? There
> are many available and unless you are a Sendmail pro you
> shouldn't bother with it directly.
trouble with our ISP and it's always a bit of a hassle to get CPAN
Modules installed.
Marcus
[url]http://danconia.org[/url]
Marcus Willemsen Guest
-
Wiggins D Anconia #4 RE: Trouble with -T switch
> > > Hi everybody,
Ah, I see what you are doing now. I am a little surprised that it is> I'm not explicitly untainting $ENV{'PATH'}. As far as I understood> > using the -T switch. It's a simple script that creates a> > >
> > > I'm having trouble with setting the path to my sendmail program when
> > from, asks for an email adresse and sends an answer after the
> > form was submitted. I keep getting the following error
> > message although I've set the $ENV{'PATH'} in the script. Can
> > anyone help?> > /usr/local/httpd/cgi-bin/subscribe.pl line 45.> > >
> > > Error message:
> > > Insecure directory in $ENV{PATH} while running with -T switch at> > $!\n"; print SENDMAIL <<"FILE";> > >
> > > Here is a part of the code
> > > ________snippet______
> > >
> > > #!/usr/bin/perl -wT
> > > #Pull in modules, create form etc.
> > >
> > >
> > > sub send_mail {
> > > my $a = shift;
> > > $a = check($a); #sub that check's the email adress
> > > print ("Thank your for ordering our Newsletter.");
> > > $ENV{'PATH'} = "|/usr/sbin/sendmail -oi -t -odq";
> > > open(SENDMAIL, "$ENV{'PATH'}") or die "Can't fork for sendmail:> >> > > From: JUVE Newsline <juve-newsline\@juve.de>
> > > To: <$a>
> > > .
> > > .etc
> > >
> > > }
> > > _____Snippet______
> > You haven't shown us where you are untainting $ENV{'PATH'}...
> > I assume you have read perldoc taint ??
> Programming Perl setting the path is enough, but apparently it is not. I
> thought only data has to be untained?
>
complaining though I don't know the exact methods it uses. Setting
$ENV{'PATH'} as you have done seems very awkward to me, there is no
reason to assign the path (and arguments) of your sendmail call to the
global %ENV hash. Does it work if you assign it to a plain scalar? If
you must have it in %ENV I would suggest choosing a key that is not a
default and commonly used one...
Yeh sometimes that is a problem. I assume you know that modules don't>> >
> > How about not shelling out to sendmail in the above manner at
> > all, and instead use a module to send your messages? There
> > are many available and unless you are a Sendmail pro you
> > shouldn't bother with it directly.
> I would love to use Mail::Mailer or MimeLite but we are having a bit of
> trouble with our ISP and it's always a bit of a hassle to get CPAN
> Modules installed.
>
have to be installed into a root owned directory? In cases where you
don't have shell access this won't help much, always something I check
for when deciding amongst ISPs...
[url]http://danconia.org[/url]
Wiggins D Anconia Guest
-
Jan Eden #5 RE: Trouble with -T switch
Hi Marcus,
Marcus Willemsen wrote:
>>>Hi everybody,
>>>
>>>I'm having trouble with setting the path to my sendmail program
>>>when using the -T switch.Why don't you set $ENV{'PATH'} to something else and open the filehandle for sendmail explicitly?>>>Here is a part of the code
>> > ________snippet______
>> >
>> > #!/usr/bin/perl -wT
>> > #Pull in modules, create form etc.
>> >
>> >
>> > sub send_mail {
>> > my $a = shift;
>> > $a = check($a); #sub that check's the email adress
>> > print ("Thank your for ordering our Newsletter.");
>> > $ENV{'PATH'} = "|/usr/sbin/sendmail -oi -t -odq";
>> > open(SENDMAIL, "$ENV{'PATH'}") or die "Can't fork for sendmail:
$ENV{'PATH'} = "";
open (SENDMAIL, "|/usr/sbin/sendmail -oi -t -odq");
It's one more line (for setting $ENV{'PATH'}, but it should stop -T from complaining.
Are you aware of [email]beginners-cgi@perl.org[/email]? I posted my CGI questions to [email]beginners@perl.org[/email] until someone notified me of this list.
- Jan
--
If all else fails read the instructions. - Donald Knuth
Jan Eden Guest
-
Marcus Willemsen #6 RE: Trouble with -T switch
Thanks Jan,
It worked.> $ENV{'PATH'} = "";
> open (SENDMAIL, "|/usr/sbin/sendmail -oi -t -odq");Yes, I am. And I don't know why I didn't post my question there. But on> Are you aware of [email]beginners-cgi@perl.org[/email]? I posted my CGI
> questions to [email]beginners@perl.org[/email] until someone notified me of
> this list.
the other hand using taint mode applies none CGI scripts as well, so I
thought this list might be appropriate.
Grettings Marcus
>
> - Jan
> --
> If all else fails read the instructions. - Donald Knuth
>Marcus Willemsen Guest
Reply With QuoteSimilar Questions and Discussions
Posting Permissions
- You may not post new threads
- You may post replies
- You may not post attachments
- You may not edit your posts
