Subject: GnuPG::Interface causes programs running in Taint mode to fail due to $ENV{PATH} being tainted
Hey,
After we uploaded GnuPG::Interface v1.0 to Debian, several Perl programs that run with Taint mode failed to run, for example:
https://bugs.debian.org/964878
This is because GnuPG::Interface uses $ENV{PATH} which is tainted. I propose resolving this by detecting if Taint mode is enabled and un-setting the path. This requires that the full path to a gpg binary is provided. I'm resolving this in Debian by changing the default from 'gpg' to '/usr/bin/gpg'.
The proposed patch (minus changing the default binary) is attached.
Cheers,
Andrew
Subject: detect-taint-mode
Message body not shown because it is not plain text.
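The approach described in the report (detect Taint mode, drop PATH, require an absolute path to gpg), sketched as an added example. It is not the attached patch and not GnuPG::Interface code; `run_program` and `@UNSAFE_ENV` are hypothetical names, and the script is meant to be run as `perl -T script.pl`.

```perl
use strict;
use warnings;
use POSIX ();

# Variables perlsec lists as unsafe to hand to a child under Taint mode.
my @UNSAFE_ENV = qw(PATH IFS CDPATH ENV BASH_ENV);

# Hypothetical helper: fork, scrub the environment in the child only
# when Taint mode is on, then exec the program without a shell.
sub run_program {
    my ($program, @args) = @_;

    # ${^TAINT} is 1 under -T, -1 under -t, 0 when taint checks are off.
    if (${^TAINT} && $program !~ m{\A/}) {
        die "Taint mode: '$program' must be an absolute path\n";
    }

    my $pid = fork();
    die "fork failed: $!\n" unless defined $pid;
    if ($pid == 0) {
        no warnings 'exec';
        # Without PATH there is no lookup, hence the absolute-path rule.
        delete @ENV{@UNSAFE_ENV} if ${^TAINT};
        eval { exec { $program } $program, @args };
        POSIX::_exit(127);    # exec failed or died
    }
    waitpid($pid, 0);
    return $? >> 8;           # child's exit status
}

# The failure from the report: with PATH inherited from the caller,
# perl -T refuses to start a child process at all.
my $ok = eval { system { 'gpg' } 'gpg', '--version'; 1 };
print "bare 'gpg' with inherited PATH: ",
    ($ok ? "ran\n" : "refused: $@");

# Absolute path (the Debian default named in the report) plus a scrubbed
# environment passes the taint check.
print "run_program exit status: ",
    run_program('/usr/bin/gpg', '--version'), "\n";
```

Scrubbing in the forked child leaves the caller's `%ENV` untouched, so code outside the helper still sees its original environment.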