Mail Archives: cygwin/1999/05/28/03:17:13

Mailing-List: contact cygwin-help AT sourceware DOT cygnus DOT com; run by ezmlm
Sender: cygwin-owner AT sourceware DOT cygnus DOT com
Delivered-To: mailing list cygwin AT sourceware DOT cygnus DOT com
Message-ID: <71E287AB0D94D111BBD600600849EC8185EDD3@POST>
From: "Fifer, Eric" <EFifer AT sanwaint DOT com>
To: cygwin AT sourceware DOT cygnus DOT com
Subject: RE: [ANN] Dynamically linked perl5.005_03 binary & patches
Date: Fri, 28 May 1999 08:10:44 +0100
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2232.9)

>> t/examp.............Insecure $ENV{PATH} while running with -T switch at /usr/local/lib/perl5/5.00503/Cwd.pm line 82.
>> dubious
>>         Test returned status 255 (wstat 65280, 0xff00)
>> DIED. FAILED tests 30-186
>>         Failed 157/186 tests, 15.59% okay
>>
>
>
>This *may* be related to the patches applied to miniperlmain.c, mg.c, and
>util.c that were put there to work around an environment handling problem in
>Cygwin. That's just based on the ${ENV} comment. Looking at the
>code, it doesn't seem to apply:
>
>sub _backtick_pwd {
>    my $cwd;
>    chop($cwd = `pwd`); # <<<< line 82
>    $cwd;
>}

The message means what it says: t/examp.t turns on taint checking (-T) and
$ENV{PATH} has not been set to anything secure, so it is still tainted when
it goes to run `pwd`.  See perlsec.pod for details.

When I remove the -T switch from t/examp.t I get:

	t/examp.............FAILED tests 181-186
	        Failed 6/186 tests, 96.77% okay

It looks like Cwd.pm needs some work if you want to run with taint checking
on.

Eric Fifer
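
The failure described in the message above, and the PATH cleanup that perlsec documents, as an added example (not part of the original post, Cwd.pm or t/examp.t). The sub name backtick_pwd and the PATH value /bin:/usr/bin are assumptions made for illustration; the script must be started with perl -T.

```perl
#!/usr/bin/perl -T
# Added illustration, not code from Cwd.pm or t/examp.t.
# Run as: perl -T taint_pwd.pl
use strict;
use warnings;
use Scalar::Util qw(tainted);

die "run with -T so taint checking is on\n" unless ${^TAINT};

# Same operation as Cwd.pm's _backtick_pwd (hypothetical name here),
# wrapped in eval so the taint failure is reported instead of fatal.
sub backtick_pwd {
    my $cwd = eval {
        my $out = `pwd`;
        chomp $out;
        $out;
    };
    return "ok: $cwd" if defined $cwd;
    (my $err = $@) =~ s/\s+\z//;    # drop trailing newline from die message
    return "died: $err";
}

# 1. PATH as inherited from the caller is tainted, so Perl refuses to
#    run an external command through backticks.
printf "PATH tainted before cleanup: %s\n",
    tainted($ENV{PATH}) ? 'yes' : 'no';
print "inherited PATH -> ", backtick_pwd(), "\n";

# 2. Cleanup as documented in perlsec: assign PATH a fixed value from a
#    literal (assumed here to contain pwd) and remove the other
#    variables that influence how a child shell behaves.
$ENV{PATH} = '/bin:/usr/bin';
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};

printf "PATH tainted after cleanup:  %s\n",
    tainted($ENV{PATH}) ? 'yes' : 'no';
print "fixed PATH     -> ", backtick_pwd(), "\n";
```

The first call reports the same "Insecure $ENV{PATH}" error quoted from the test run; the second succeeds because PATH now comes from a literal in the program rather than from the caller's environment.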
