

Listing 4 - /cgi-bin/mconnect

#!/usr/local/bin/taintperl
# Security wrapper for /opt/sysadmin/unsecure_mconnect
$ENV{'PATH'} = '/bin:/usr/bin:/usr/local/bin';
# Only capture variables of the form matching:
#    Begining of line
#    Zero or more alphanumeric[0-9a-zA-Z_ ] or '.' periods
#    End of line
$ARGV[0] =~ /^([\w.@ ]*)$/;
$first = $1;
system '/opt/sysadmin/unsecure_mconnect', $first;


