Run external commands only with localized sanitized $ENV{PATH}.

p4raw-id: //depot/perl@19621

diff --git a/ext/Sys/Hostname/Hostname.pm b/ext/Sys/Hostname/Hostname.pm
index efc8d38..632ea9b 100644 (file)
--- a/ext/Sys/Hostname/Hostname.pm
+++ b/ext/Sys/Hostname/Hostname.pm
@@ -72,6 +72,8 @@ sub hostname {
   else {  # Unix
     # is anyone going to make it here?
 
+    local $ENV{PATH} = '/usr/bin:/bin:/usr/sbin:/sbin'; # Paranoia.
+
     # method 2 - syscall is preferred since it avoids tainting problems
     # XXX: is it such a good idea to return hostname untainted?
     eval {