"Tainted" switch vs. sendmail


Potassium
09-20-2005, 06:48 AM
Hi All,

I'm currently writing a simple Perl form processor (how unusual) and, for obvious reasons (the form does open a pipe to send some mail), I use the -T switch. Now, on the virtual server I'm currently working on, with the -T switch, Perl will simply refuse to send *anything* through the pipe - even without any tainted data around. Without -T, it runs just fine. Check the code:

#!/usr/local/bin/perl -Tw
print "Content-type: text/html\n\n";
print "Send an email<br>\n";

open (MAIL,'| /usr/sbin/sendmail -t');

print MAIL <<END;
To: blue\@someisp.com
From: info\@someisp.com
Subject: nothing much


Hi there! Tainted switch test: on.
END
close MAIL;

print "Email sent.<br>\n";

exit;

Any idea why this really basic script fails with -T on? Is this situation indicative of something wrong with the server setup, or did I screw up somewhere else without noticing? I'm working on a server running FreeBSD 5.3 with Perl 5.008005 installed, and I feel like banging my head against the wall.

Thanks in advance for your help!

fireartist
09-20-2005, 10:57 AM
If you changed the open() call to
open (MAIL,'| /usr/sbin/sendmail -t') or die $!;
you'd see the error message (always check the return value of system calls).

Basically, even though you're using an absolute path to sendmail, taint's complaining because your $ENV{PATH} is still tainted.
Do this:
$ENV{PATH} = '';
just below the #! line, and it should all work.

Potassium
09-20-2005, 03:54 PM
Excellent, problem solved. Thanks Fire! I read your post, then I asked to see (and got) the logfiles and spotted the taint error pointing to $ENV{PATH}. Then I found this page http://search.cpan.org/~andyd/perl5.003_07/pod/perlsec.pod and everything was clear.

Great, and thanks again for your help!
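
A taint-safe version of the mailer, as an added example that is not part of the original thread: it combines the checked open() and the $ENV{PATH} reset from the reply with the environment clean-up and regex untainting that perlsec describes. The fixed PATH value, the address pattern, the helper names clean_address and send_mail, and taking the recipient from the command line (in place of a form field) are assumptions.

```perl
#!/usr/local/bin/perl -T
use strict;
use warnings;

# Under -T, Perl will not run an external program while these variables are
# tainted, even when the program is named by absolute path. Set PATH to a
# fixed value and drop the shell-related variables perlsec lists.
$ENV{PATH} = '/usr/sbin:/usr/bin:/bin';        # assumed value; '' also works
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};

my $SENDMAIL = '/usr/sbin/sendmail';           # path used in the thread

# Untaint a user-supplied address (hypothetical helper). Only text captured
# by the pattern is returned; anything else, including embedded CR/LF that
# would add extra mail headers, is rejected.
sub clean_address {
    my ($raw) = @_;
    return $raw =~ /\A([A-Za-z0-9._+-]+\@[A-Za-z0-9.-]+\.[A-Za-z]{2,})\z/
        ? $1
        : undef;
}

# Send one message (hypothetical helper). The list form of the pipe open
# runs sendmail directly, with no shell, and both open and close are checked.
sub send_mail {
    my ($to, $body) = @_;
    open(my $mail, '|-', $SENDMAIL, '-t')
        or die "cannot run $SENDMAIL: $!\n";
    print {$mail} "To: $to\n",
                  "From: info\@someisp.com\n",
                  "Subject: nothing much\n\n",
                  "$body\n";
    close($mail)
        or die($! ? "error closing pipe: $!\n" : "sendmail exit status $?\n");
    return 1;
}

# Command-line arguments are tainted, just like CGI form fields.
my $raw = shift @ARGV;
defined $raw or die "usage: $0 recipient\n";
my $to = clean_address($raw) or die "rejected recipient address\n";

send_mail($to, 'Hi there! Tainted switch test: on.');
print "Email sent.\n";
```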