This is the mail archive of the
cygwin@sourceware.cygnus.com
mailing list for the Cygwin project.
RE: [ANN] Dynamically linked perl5.005_03 binary & patches
- To: cygwin@sourceware.cygnus.com
- Subject: RE: [ANN] Dynamically linked perl5.005_03 binary & patches
- From: "Fifer, Eric" <EFifer@sanwaint.com>
- Date: Fri, 28 May 1999 08:10:44 +0100
>> t/examp.............Insecure $ENV{PATH} while running with -T switch at
/usr/local/lib/perl5/5.00503/Cwd.pm line 82.
>> dubious
>> Test returned status 255 (wstat 65280, 0xff00)
>> DIED. FAILED tests 30-186
>> Failed 157/186 tests, 15.59% okay
>>
>
>
>This *may* be related to the patches applied to miniperlmain.c, mg.c, and
util.c that were put there work around an environment handling problem >in
Cygwin. That's just based on the ${ENV} comment. Looking at the
>code, it doesn't seem to apply:
>
>sub _backtick_pwd {
> my $cwd;
> chop($cwd = `pwd`); <<<< line 82
> $cwd;
>}
The message means what it says, t/examp.t turns on taint checking (-T) and
$ENV{PATH} has not been set to anything secure, so it is still tainted when
it goes to run `pwd`. See perlsec.pod for details.
When I remove the -T switch from t/examp.t I get:
t/examp.............FAILED tests 181-186
Failed 6/186 tests, 96.77% okay
It looks like Cwd.pm needs some work if you want to run with taint checking
on.
Eric Fifer
--
Want to unsubscribe from this list?
Send a message to cygwin-unsubscribe@sourceware.cygnus.com