Don't use untaint, hardcode the PATH
Untaint isn't really useful for $PATH, as we're only looking
there for the location of the ssh executable. If we don't find
it in /bin:/usr/bin, then the user can specify the full path in
their .kuprc.
diff --git a/kup b/kup
index 5fe28c7..5896290 100755
--- a/kup
+++ b/kup
@@ -49,17 +49,12 @@
}
}
-# This is a client, and so running with tainting on is a bit overly
-# paranoid. As a result we have to explicitly untaint certain bits from
-# the environment.
-sub untaint($) {
- my($s) = @_;
+# If anyone's ssh is somewhere other than /bin:/usr/bin, they can specify
+# where it is by setting up their .kuprc. This also lets us run with -T
+# without playing untaint tricks.
+#
+$ENV{'PATH'} = '/bin:/usr/bin';
- $s =~ /^(.*)$/;
- return $1;
-}
-
-$ENV{'PATH'} = untaint($ENV{'PATH'});
if (defined $ENV{'KUP_RSH'}) {
$opt{'rsh'} = $ENV{'KUP_RSH'};
}
