diff --git a/source3/script/tests/fake_snap.pl b/source3/script/tests/fake_snap.pl
index d88307eaecc..b8795453d67 100755
--- a/source3/script/tests/fake_snap.pl
+++ b/source3/script/tests/fake_snap.pl
@@ -22,8 +22,8 @@ sub _create_snapshot
 	my $snap_path = $base_path . "/.snapshots/\@GMT-" . $time_str;
 	my $ret;
 
-	delete @ENV{'BASH_ENV'};
-
+	# https://perldoc.perl.org/perlsec.html#Cleaning-Up-Your-Path
+	delete @ENV{'IFS', 'CDPATH', 'ENV', 'BASH_ENV'}; # Make %ENV safer
 	$ENV{'PATH'} = '/bin:/usr/bin'; # untaint PATH
 	POSIX::mkdir($base_path . "/.snapshots", 0755);
 
@@ -50,6 +50,8 @@ sub _delete_snapshot
 		return -1;
 	}
 
+        # https://perldoc.perl.org/perlsec.html#Cleaning-Up-Your-Path
+        delete @ENV{'IFS', 'CDPATH', 'ENV', 'BASH_ENV'}; # Make %ENV safer
 	$ENV{'PATH'} = '/bin:/usr/bin'; # untaint PATH
 	rmtree($snap_path, {error => \my $err});
 	if (@$err) {
diff --git a/source3/script/tests/printing/modprinter.pl b/source3/script/tests/printing/modprinter.pl
index fc71e665451..154641fc8de 100755
--- a/source3/script/tests/printing/modprinter.pl
+++ b/source3/script/tests/printing/modprinter.pl
@@ -121,6 +121,7 @@ while (<CONFIGFILE>) {
 		print CONFIGFILE_NEW $line;
 	}
 }
+
 if ($opt_add) {
 	print CONFIGFILE_NEW "[$share_name]\n\tprintable = yes\n\tpath = /tmp\n";
 }
@@ -131,8 +132,8 @@ if ($opt_delete && ($found_section == 0)) {
 	die "share $share_name not found";
 }
 
-delete @ENV{'BASH_ENV'};
-
+# https://perldoc.perl.org/perlsec.html#Cleaning-Up-Your-Path
+delete @ENV{'IFS', 'CDPATH', 'ENV', 'BASH_ENV'}; # Make %ENV safer
 $ENV{'PATH'} = '/bin:/usr/bin'; # untaint PATH
 system("cp", "$tmp", "$smb_conf_file");
 unlink $tmp;