使用-T开关运行时，不安全的$ ENV {PATH} [英] Insecure $ENV{PATH} while running with - T switch

问题描述

我正在尝试使用命令-ststus检查linux中的服务.但是我得到这个错误:在 checkservices 第 3 行使用 -T 开关运行时不安全的 $ENV{PATH}.在行中我有这个: My @services = `status`;

I'm trying to check services in linux with the command - ststus. However I get this error: Insecure $ENV{PATH} while running with - T switch at checkservices line 3. In the line i have this : My @services =`status`;

这里有什么问题?

#!/user/bin/perl
Use strict;
My @services = `status`;
foreach my $service(@services){
If(! (service =~ /{running|UP} /)){
Print "up"; }  
} `

推荐答案

来自

对于不安全的$ ENV {PATH}"消息，您需要将$ ENV {'PATH'}设置为已知值，并且路径中的每个目录必须是绝对目录，并且除其所有者和组外，其他目录均不可写.即使可执行文件的路径名是完全限定的，您也可能会惊讶地收到此消息.由于未提供程序的完整路径，因此不会生成该文件.而是因为您从未设置PATH环境变量，或者未将其设置为安全的东西而生成了它.由于Perl不能保证所讨论的可执行文件本身不会转过来执行依赖于PATH的其他程序，因此可以确保设置PATH.

For "Insecure $ENV{PATH} " messages, you need to set $ENV{'PATH'} to a known value, and each directory in the path must be absolute and non-writable by others than its owner and group. You may be surprised to get this message even if the pathname to your executable is fully qualified. This is not generated because you didn't supply a full path to the program; instead, it's generated because you never set your PATH environment variable, or you didn't set it to something that was safe. Because Perl can't guarantee that the executable in question isn't itself going to turn around and execute some other program that is dependent on your PATH, it makes sure you set the PATH.

当您传递系统和exec显式参数列表(而不是其中包含可能的外壳通配符的字符串)时，Perl不会调用外壳来扩展通配符.不幸的是，open，glob和backtick函数没有提供这种替代的调用约定，因此将需要更多的技巧.

Perl does not call the shell to expand wild cards when you pass system and exec explicit parameter lists instead of strings with possible shell wildcards in them. Unfortunately, the open, glob, and backtick functions provide no such alternate calling convention, so more subterfuge will be required.

这篇关于使用-T开关运行时，不安全的$ ENV {PATH}的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！