I’ve been running into some problems porting a Perl-based CGI program from Linux to Windows lately. The key issue is that when running Perl in taint mode, you must set the PATH environment variable to some known string prior to doing anything which executes another command (exec, system, backticks etc.). The problem is that clearing the path means that Perl is then unable to find the cmd.exe shell when running on Windows.
I’m not all that up on Windows programming in perl, but it seems that adding in any particular path (say C:\WINDOWS\system32) isn’t likely to work if Windows is installed in some unusual location. Unfortunately avoiding the shell processing (by passing a list of arguments to system or exec rather than a string) isn’t looking like it’s a viable option either, at least in the short term, so I’m more or less stuck.
I’m sure there’s some sort of clever trick for solving this, but Google has not turned up anything obvious. Perhaps, as a last resort, there’s some way to find out where Windows is installed through the registry?
Update
Thanks to Victor for his suggestion about the registry. What I ended up doing was looking at the SystemRoot environment variable with some code along the lines of the following.
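use File::Spec::Functions qw(catdir);

# Remove environment variables that influence how a shell runs commands
delete @ENV{qw(IFS CDPATH ENV BASH_ENV PATH)};
if ($^O eq 'MSWin32') {    # /win/i would also match "darwin" and "cygwin"
    # Perl must be able to find cmd.exe, so add
    # C:\WINDOWS\system32 to the path.
    # The anchored capture untaints SystemRoot; die if it does not match,
    # otherwise $1 would be undefined or left over from an earlier match.
    my ($system_root) =
        ($ENV{'SystemRoot'} || '') =~ /^([A-Za-z]:(?:\\[A-Za-z0-9_]+)+)$/
        or die "Unexpected SystemRoot value\n";
    my $system32_dir = catdir($system_root, 'system32');
    $ENV{'PATH'} = $system32_dir;
}
exec($command);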
If anyone has a suggestion, or just knows for a fact that this will fail in some case, please let me know (in the comments).
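An added example, not code from the original post: the SystemRoot check pulled out into a function and run over a handful of constructed values, to show which inputs an anchored untainting pattern accepts and which it refuses. The name system32_from_env, the windir fallback and the wider character class (dot, hyphen, space) are assumptions made for this sketch.

```perl
use strict;
use warnings;
use File::Spec::Win32;   # core module; builds Windows paths on any platform

# Hypothetical helper (not from the original post): return an untainted
# system32 directory derived from SystemRoot, or nothing if the value does
# not look like a plain absolute drive path. Run with "perl -T" to see the
# taint behaviour in a real CGI environment.
sub system32_from_env {
    my ($env) = @_;
    for my $name (qw(SystemRoot windir)) {   # windir fallback is an assumption
        my $raw = $env->{$name};
        next unless defined $raw;
        # Anchored match: the whole value must be a drive letter followed by
        # directory names. Copying the capture is what untaints it under -T.
        next unless $raw =~ /^([A-Za-z]:(?:\\[A-Za-z0-9_.\- ]+)+)\\?$/;
        my $root = $1;
        # Dots are allowed in names, so refuse "." and ".." components
        next if $root =~ /\\\.\.?(?:\\|$)/;
        return File::Spec::Win32->catdir($root, 'system32');
    }
    return;
}

# Constructed sample values, not taken from a real machine
my @samples = (
    'C:\\WINDOWS',               # the usual case
    'd:\\WinNT\\',               # lowercase drive, trailing backslash
    'C:\\Windows\\..\\evil',     # parent-directory component
    'WINDOWS',                   # relative path
    '\\\\server\\share\\win',    # UNC path
    'C:\\WINDOWS;C:\\tmp',       # smuggled PATH separator
);
for my $value (@samples) {
    my $dir = system32_from_env({ SystemRoot => $value });
    printf "%-28s => %s\n", $value, defined $dir ? $dir : '(rejected)';
}
```

When the function returns nothing, the caller should stop rather than fall back to the inherited PATH, since that is the value taint mode is refusing to trust.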
September 16th, 2006 at 3:54 am
Hey Matt,
Yes, it’s a common practice in Windows to read the registry for Windows’s installation path. I can’t remember off the top of my head but I’m sure you can look it up.
In .NET we have libraries to read the path, which in turn just look up the registry.
Cheers,
Victor