Skip Menu |

This queue is for tickets about the Config-Crontab CPAN distribution.

Report information
The Basics
Id: 83956
Status: resolved
Priority: 0/
Queue: Config-Crontab
People
Owner: scott [...] mailblock.net
Requestors: jordanhiller [...] gmail.com
Cc:
AdminCc:
Bug Information
Severity: (no value)
Broken in: (no value)
Fixed in: (no value)

History Show all quoted text
  Thu Mar 14 15:16:05 2013 jordanhiller [...] gmail.com - Ticket created
Subject: Taint mode
Date: Thu, 14 Mar 2013 13:15:35 -0600
To: bug-Config-Crontab [...] rt.cpan.org
From: Jordan Hiller <jordanhiller [...] gmail.com>
Hello, In taint mode I have to unset $ENV{PATH}, making the module's calls to `crontab ...` fail. Taint mode makes it necessary to use the full path, for example `/usr/bin/crontab ...` Maybe a config parameter could be provided to set a custom path to the crontab program? Thanks, this module is really useful and well-done.
  Sat Mar 16 11:51:35 2013 scott [...] mailblock.net - Correspondence added
On Thu Mar 14 15:16:05 2013, jhiller wrote: Show quoted text
> In taint mode I have to unset $ENV{PATH}, making the module's calls to > `crontab ...` fail. Taint mode makes it necessary to use the full path, for > example `/usr/bin/crontab ...`
If you set your $ENV{PATH} to "/usr/bin" (or wherever your crontab binary is), will it pass taint checks? The "Cleaning Up Your Path" section of `perldoc perlsec` suggests that will work. Let me know. Scott
  Sat Mar 16 11:51:36 2013 The RT System itself - Status changed from 'new' to 'open'
  Sat Mar 16 17:26:39 2013 jordanhiller [...] gmail.com - Correspondence added
Subject: Re: [rt.cpan.org #83956] Taint mode
Date: Sat, 16 Mar 2013 15:26:10 -0600
To: bug-Config-Crontab [...] rt.cpan.org
From: Jordan Hiller <jordanhiller [...] gmail.com>
You're right, that does seem to do the trick. Thanks. On 16 March 2013 09:51, Scott Wiersdorf via RT < bug-Config-Crontab@rt.cpan.org> wrote: Show quoted text
> <URL: https://rt.cpan.org/Ticket/Display.html?id=83956 > >
If you set your $ENV{PATH} to "/usr/bin" (or wherever your crontab binary Show quoted text
> is), will it pass taint > checks? The "Cleaning Up Your Path" section of `perldoc perlsec` suggests > that will work. Let > me know. > > Scott > >
  Sat Mar 16 18:05:17 2013 scott [...] mailblock.net - Correspondence added
Ok good to know, and glad you like the module.
  Sat Mar 16 18:05:20 2013 scott [...] mailblock.net - Status changed from 'open' to 'resolved'
  Sat Mar 16 18:05:20 2013 scott [...] mailblock.net - Given to SCOTTW