An application should never assume that anything about the users environment is sane.
This includes (but is certainly not limited to): user input, signals, environment
variables, resources, IPC, mmaps, the filesystem working directory, file descriptors, the
# of open files, etc.
You should never assume that you can catch all forms of invalid input that a user
might supply. Instead, your application should use positive filtering to only allow a
specific subset of inputs that you deem safe. Improper data validation has been the cause
of many exploits, especially with CGI scripts on the world wide web. For filenames you
need to be extra careful about paths ("../", "/"), symbolic links, and shell escape
Perl has a really cool feature called "Taint" mode which can be used to prevent
scripts from using data derived outside the program in an unsafe way. This mode will
check command line arguments, environment variables, locale information, the results of
certain syscalls (
getpwxxx(), and all