Skip Menu |

This queue is for tickets about the Net-SFTP-Foreign CPAN distribution.

Report information
The Basics
Id: 17469
Status: resolved
Worked: 2 hours (120 min)
Priority: 0/
Queue: Net-SFTP-Foreign
People
Owner: Nobody in particular
Requestors: mnology [...] gmail.com
Cc:
AdminCc:
Bug Information
Severity: Important
Broken in: 0.57
Fixed in: (no value)

History Show all quoted text
  Fri Feb 03 12:37:30 2006 Guest - Ticket created
Subject: Get fails with -T(Insecure dependency in chmod)
Retrieving a filename in a scalar taint checked like so: if( $local =~ m{([\w./]+)}smx ) { $local = $1; } else { die "Bad filename: $local"; } And getting the file like so: $sftp->get( $remote, $local ); Fails with taint checking turned on, like so: Insecure dependency in chmod while running with -T switch at ../Net/SFTP/Foreign.pm line 373. My understanding of taint checking was that the untainted flag would be passed on to the 'get' method. But apparently tainted flag is being reset when $local is passed to get. Making me believe that the 'get' method needs to taint check so the chmod succeeds with -T. ===== Summary of my perl5 (revision 5 version 8 subversion 7) configuration: Platform: osname=aix, osvers=5.3.0.0, archname=aix-thread-multi uname='aix northstar 3 5 00ce23da4c00 unknown unknown aix ' config_args='-des -Dcc=gcc -Dusethreads -Dprefix=/usr/local/perl5 -Dmksymlinks' hint=recommended, useposix=true, d_sigaction=define usethreads=define use5005threads=undef useithreads=define usemultiplicity=define useperlio=define d_sfio=undef uselargefiles=define usesocks=undef use64bitint=undef use64bitall=undef uselongdouble=undef usemymalloc=n, bincompat5005=undef Compiler: cc='gcc', ccflags ='-D_THREAD_SAFE -D_ALL_SOURCE -D_ANSI_C_SOURCE -D_POSIX_SOURCE -DUSE_NATIVE_DLOPEN -DNEED_PTHREAD_INIT -fno-strict-aliasing -pipe -I/usr/local/include -D_LARGE_FILES', optimize='-O', cppflags='-D_THREAD_SAFE -D_ALL_SOURCE -D_ANSI_C_SOURCE -D_POSIX_SOURCE -DUSE_NATIVE_DLOPEN -DNEED_PTHREAD_INIT -fno-strict-aliasing -pipe -I/usr/local/include' ccversion='', gccversion='4.0.2', gccosandvers='' intsize=4, longsize=4, ptrsize=4, doublesize=8, byteorder=4321 d_longlong=define, longlongsize=8, d_longdbl=define, longdblsize=8 ivtype='long', ivsize=4, nvtype='double', nvsize=8, Off_t='off_t', lseeksize=8 alignbytes=8, prototype=define Linker and Libraries: ld='gcc', ldflags =' -Wl,-brtl -Wl,-bdynamic -Wl,-bmaxdata:0x80000000 -L/usr/local/lib -Wl,-b32' libpth=/usr/local/lib /lib /usr/lib /usr/ccs/lib libs=-lbind -lnsl -lgdbm -ldbm -ldb -ldl -lld -lm -lcrypt -lpthreads -lc -lbsd perllibs=-lbind -lnsl -ldl -lld -lm -lcrypt -lpthreads -lc -lbsd libc=/lib/libc.a, so=a, useshrplib=false, libperl=libperl.a gnulibc_version='' Dynamic Linking: dlsrc=dl_aix.xs, dlext=so, d_dlsymun=undef, ccdlflags='-Xlinker -bE:/usr/local/perl5/lib/5.8.7/aix-thread-multi/CORE/perl.exp' cccdlflags=' ', lddlflags=' -Wl,-bhalt:4 -Wl,-bexpall -Wl,-G -Wl,-bnoentry -lpthreads -lc -L/usr/local/lib' Characteristics of this binary (from libperl): Compile-time options: MULTIPLICITY USE_ITHREADS USE_LARGE_FILES PERL_IMPLICIT_CONTEXT Built under aix Compiled at Dec 13 2005 16:27:57 @INC: /usr/local/perl5/lib/5.8.7/aix-thread-multi /usr/local/perl5/lib/5.8.7 /usr/local/perl5/lib/site_perl/5.8.7/aix-thread-multi /usr/local/perl5/lib/site_perl/5.8.7 /usr/local/perl5/lib/site_perl .
  Sun Apr 23 08:29:19 2006 salva [...] cpan.org - Status changed from 'new' to 'resolved'