This queue is for tickets about the Sys-Hostname-Long CPAN distribution.

Report information
The Basics
Id: 59833
Status: open
Priority: 0/
Queue: Sys-Hostname-Long

People
Owner: Nobody in particular
Requestors: zdenek.styblik [...] gmail.com
Cc:
AdminCc:

Bug Information
Severity: Important
Broken in:
  • 1.4
  • 1.5
Fixed in: (no value)



Subject: Sys-Hostname-Long bug with -T switch
Hello,

due to exec of external commands, namely hostname, Sys-Hostname-Long gets evaluated as "insecure use".

Insecure $ENV{PATH} while running with -T switch at /usr/lib64/perl5/site_perl/5.10.1/Sys/Hostname/Long.pm line XX.

The line number varies, but it's around 7x - lines with % su; and % hostname; commands follow.
The fix is to define $ENV{PATH}, question is how to satisfy everyone.
I've fixed this by setting $ENV{PATH} = '/bin/'.

Tested with:
Linux darkstar 2.6.31.7 #1 SMP Mon Dec 14 17:36:17 CET 2009 x86_64 AMD Athlon(tm) Dual Core Processor 5050e AuthenticAMD GNU/Linux

This is perl, v5.10.1 (*) built for x86_64-linux-thread-multi

I've tested this from CGI and CLI (-T). Sys-Hostname-Long is used by other packages in this case.

Zdenek

Subject: Re: [rt.cpan.org #59833] Sys-Hostname-Long bug with -T switch
Date: Fri, 30 Jul 2010 10:33:47 +1000
To: bug-Sys-Hostname-Long [...] rt.cpan.org
From: Scott Penrose <scott [...] dd.com.au>

Thanks. I will apply the patch.

Scott

On 30/07/2010, at 4:56 AM, Zdenek Styblik via RT wrote:

> Thu Jul 29 14:56:20 2010: Request 59833 was acted upon.
> Transaction: Ticket created by stybla
> Queue: Sys-Hostname-Long
> Subject: Sys-Hostname-Long bug with -T switch
> Broken in: 1.4
> Severity: Important
> Owner: Nobody
> Requestors: zdenek.styblik@gmail.com
> Status: new
> Ticket <URL: https://rt.cpan.org/Ticket/Display.html?id=59833 >
>
>
> Hello,
>
> due to exec of external commands, namely hostname, Sys-Hostname-Long
> gets evaluated as "insecure use".
>
> Insecure $ENV{PATH} while running with -T switch at
> /usr/lib64/perl5/site_perl/5.10.1/Sys/Hostname/Long.pm line XX.
>
> The line number varies, but it's around 7x - lines with % su; and %
> hostname; commands follow.
> The fix is to define $ENV{PATH}, question is how to satisfy everyone.
> I've fixed this by setting $ENV{PATH} = '/bin/'.
>
> Tested with:
> Linux darkstar 2.6.31.7 #1 SMP Mon Dec 14 17:36:17 CET 2009 x86_64 AMD
> Athlon(tm) Dual Core Processor 5050e AuthenticAMD GNU/Linux
>
> This is perl, v5.10.1 (*) built for x86_64-linux-thread-multi
>
> I've tested this from CGI and CLI (-T). Sys-Hostname-Long is used by
> other packages in this case.
>
> Zdenek

The problem still exists with 1.5

On 2010-07-29 20:34:00, scott@dd.com.au wrote:
> Thanks. I will apply the patch.
>
> Scott
>
> On 30/07/2010, at 4:56 AM, Zdenek Styblik via RT wrote:
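
Added example, not code from Sys-Hostname-Long or from the patch mentioned in this ticket: one way to run hostname under -T without changing $ENV{PATH} for the calling program, which is the "how to satisfy everyone" question raised in the report. The helper name hostname_under_taint, the directory list /bin:/usr/bin and the hostname character pattern are assumptions.

```perl
# Run as: perl -T example.pl
use strict;
use warnings;

# Hypothetical helper, not part of Sys::Hostname::Long.
sub hostname_under_taint {
    # Assumption: the hostname binary lives in /bin or /usr/bin.
    # local() scopes the change, so the caller's PATH is restored
    # when this sub returns.
    local $ENV{PATH} = '/bin:/usr/bin';

    # Taint mode also refuses to run commands while IFS, CDPATH, ENV
    # or BASH_ENV hold tainted values. local + delete works on the
    # perl 5.10 from the report ("delete local" needs 5.12).
    local @ENV{qw(IFS CDPATH ENV BASH_ENV)};
    delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};

    # Pipe open: perl forks and execs hostname directly, since the
    # command contains no shell metacharacters.
    open(my $fh, '-|', 'hostname') or return;
    my $out = <$fh>;
    close($fh) or return;    # false when hostname exits non-zero
    return unless defined $out;
    chomp $out;

    # Output of an external command is tainted. Untaint it only by
    # capturing from a strict pattern (assumed hostname charset).
    my ($name) = $out =~
        /\A([A-Za-z0-9](?:[A-Za-z0-9.-]{0,253}[A-Za-z0-9])?)\z/;
    return $name;            # undef if the output did not match
}

my $before = $ENV{PATH};
my $host   = hostname_under_taint();
print defined $host ? "hostname: $host\n" : "hostname lookup failed\n";
print "caller PATH unchanged\n"
    if ($ENV{PATH} // '') eq ($before // '');
```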