[Bioperl-l] Bio-perl and webpages?

Paulo Almeida palmeida at igc.gulbenkian.pt
Tue Jul 19 14:45:31 EDT 2005


Hey,

I did what you said  and it seems to be working. Thank you very much. I 
changed things in Clustalw.pm back and forth and never thought of trying to 
solve the problem within my script.

-- Paulo

On Tuesday 19 July 2005 16:25, Jérémy JUST wrote:
> On Tue, 19 Jul 2005 15:31:05 +0100
>
> Paulo Almeida <palmeida at igc.gulbenkian.pt> wrote:
> > Insecure $ENV{PATH} while running with -T switch at
> > /usr/local/share/perl/5.8.4/Bio/Tools/Run/Alignment/Clustalw.pm line
> > 556, <GEN0> line 2.
> >
> > I wouldn't mind hardcoding the path of Clustal, but I couldn't figure
> > out a way to do it, or to untaint the variable. Can anyone help?
>
>   The content of %ENV is considered as unsafe, since it comes from
> outside your program.
>   One secure way of untainting the PATH is to set it at the beginning of
> your code:
>
> $ENV{PATH} = '/bin:/usr/bin:/usr/local/bin' ;
>
>
>   I think you are bound to hardcode the PATH into your program for it to
> be really safe.
>   I've seen another solution in the SpamAssassin code: it checks each
> element of the PATH to verify that there is no world-writable or
> group-writable directories in it.
>
>
>   See also perldoc perlsec for more details.



More information about the Bioperl-l mailing list