Hacker News

Taint mode is something I've never got along with, but for running external programs p3rl.org/IPC::System::Simple lets you make all the shell injection risks go away (and can be used in a script destined for p3rl.org/App::FatPacker so you're still deploying a single file).

Writing secure anything is extremely hard, but 'avoid backticks, single-arg system, and 2-arg open like the plague' tends to reduce the hardness in Perl back to something reasonably similar to the hardness of doing it in other languages.

(at least it's not shell ... arghsob)
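
The three constructs named in the comment, each next to a shell-free replacement, as an added example that is not part of the original comment. It assumes a Unix-like system with `cat` and `wc` on the PATH and IPC::System::Simple installed; the file name is constructed sample input.

```perl
#!/usr/bin/env perl
use strict;
use warnings;
use File::Temp qw(tempdir);
use IPC::System::Simple qw(systemx capturex);

# Constructed sample input: a file name full of shell metacharacters.
my $dir  = tempdir(CLEANUP => 1);
my $path = "$dir/notes; echo INJECTED #.txt";

# 3-arg open: the mode is its own argument, so $path is only ever a file name.
# 2-arg open(my $fh, $path) would also interpret '<', '>' and '|' found in $path.
open(my $out, '>', $path) or die "open: $!";
print {$out} "line one\nline two\n";
close($out) or die "close: $!";

# capturex replaces backticks: no shell, each list element is one argv entry.
# `cat $path` would instead hand the whole interpolated string to /bin/sh.
my $text = capturex('cat', '--', $path);
die "unexpected output" unless $text eq "line one\nline two\n";

# systemx replaces single-arg system("wc -l $path"); it dies on a non-zero exit.
# Core system(LIST) also skips the shell, but only when LIST has more than one
# element; systemx skips it unconditionally.
systemx('wc', '-l', '--', $path);

# Core-only alternative to backticks: list-form piped open (Perl 5.8+, Unix).
open(my $pipe, '-|', 'wc', '-l', '--', $path) or die "fork: $!";
my $line = <$pipe>;
close($pipe) or die "wc failed: $?";
my ($lines) = $line =~ /^\s*(\d+)/;

print "read $lines lines, nothing was injected\n";
```

The `--` before `$path` keeps a name that begins with `-` from being parsed as an option, which avoiding the shell does not cover on its own.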



