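# Taint-mode (perl -T) illustration: which uses of externally supplied data
# Perl permits and which it rejects with "Insecure dependency in ...".
# Run this under -T; without it none of the checks described below happen.
use strict;
use warnings;

my $foo  = shift;                 # $foo is tainted (came from @ARGV)
my $bar  = $foo . 'bar';          # $bar is also tainted (derived from $foo).
                                  # Note the '.': the original "$foo,'bar'" was
                                  # the comma operator, so $bar was just $foo and
                                  # 'bar' a useless constant in void context.
my $xxx  = <>;                    # Tainted (read from input)
my $path = $ENV{'PATH'};          # Tainted, but see below
my $abc  = 'abc';                 # Not tainted (literal)

system "echo $foo";               # Insecure: tainted data reaches a shell
system "/bin/echo", $foo;         # List form avoids the shell, but under -T the
                                  # tainted argument is still checked and rejected;
                                  # Perl cannot know /bin/echo is harmless.
                                  # (Older perls did not check list-form args.)
system "echo $bar";               # Insecure
system "echo $abc";               # Insecure until PATH is set: %ENV is tainted,
                                  # so an attacker's PATH picks which "echo" runs

# Sanitize the environment before anything that may reach a shell.
$ENV{'PATH'} = '/bin:/usr/bin';
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};   # all shell-influencing variables,
                                            # not just IFS
$path = $ENV{'PATH'};             # Not tainted: assigned from a literal
system "echo $abc";               # Is secure now: untainted command, safe PATH

open(my $fh1, '<', $foo);         # OK: reading a tainted path is permitted.
                                  # Three-arg open so a leading '>' or trailing
                                  # '|' in $foo cannot change the mode, which the
                                  # two-arg open("$foo") would allow.
open(my $fh2, '>', $foo);         # Not OK: tainted data names a file to write
open(my $fh3, "echo $foo|");      # Not OK: tainted data reaches a shell
open(my $fh4, '-|') || exec 'echo', $foo;   # Also rejected under -T: exec's
                                            # tainted argument is checked in
                                            # the child
my $zzz = `echo $foo`;            # Insecure; $zzz is tainted too
unlink $abc, $foo;                # Insecure: one of the paths is tainted
umask $foo;                       # Insecure
eval $foo;                        # Very insecure: runs attacker-supplied code
exec "echo $foo";                 # Insecure
exec "echo", $foo;                # Rejected under -T, same reason as the
                                  # list-form system above
exec "sh", '-c', $foo;            # Very insecure: hands $foo to a shell verbatim.
                                  # Older perls let this through unchecked (hence
                                  # "alas"); current ones reject the tainted arg.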