About | Contact | Help

Home Register Articles Links IT Freebies

Main Menu  Home  Register  Articles  Links  IT Freebies  Top 10  Gallery  Login Username: Password:  Remember Me? Forgot password? You are a guest user. You can register for free by clicking here.  Online Now 1 Member(s) 4 Guest(s) 15 Robot(s) Log in to see who's on. Most ever on: 794 Membership: 97

Home » Articles » Programming Design Is it safe to rely on the PATH environment variabl Published on 01/22/12 at 13:17:51 EST by GentleGiant Programming Design 07/06/2020: Basic layout principles 07/06/2020: Typography principles 07/06/2020: Basic color theory 07/06/2020: Use of color, typography, and layout 07/06/2020: Designing in the browser Not really. One favorite hacker's trick is to alter the PATH environment variable so that it points to the program he wants your script to execute rather than the program you're expecting. In addition to avoiding passing unchecked user variables to external programs, you should also invoke the programs using their full absolute pathnames rather than relying on the PATH environment variable. That is, instead of this fragment of C code:   system("ls -l /local/web/foo"); use this:   system("/bin/ls -l /local/web/foo"); If you must rely on the PATH, set it yourself at the beginning of your CGI script:   putenv("PATH=/bin:/usr/bin:/usr/local/bin"); In general it's not a good idea to put the current directory (".") into the path. 0 comments, (574 reads) All Articles by, GentleGiant       Sign Up The comments are owned by the poster. We aren't responsible for its content. Only registered members may comment on articles.   No comments so far.   The comments are owned by the poster. We aren't responsible for its content. Only registered members may comment on articles.

Recent Discussions

Home Articles Links IT Freebies Our Parent Company

About | Contact | Help | Recommend | Statistics         View All Advertisements View All Advertisements This site is part of the Detroit Metro Area Networks *******************************