Subject: Open configuration file for reading
Attached patch fixes one-argument open.
Subject: 0001-Open-configuration-file-for-reading.patch
From 66f18d5a6a6a17f574505b280ca8acc6a21f6451 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= <ppisar@redhat.com>
Date: Thu, 25 Apr 2013 10:51:00 +0200
Subject: [PATCH] Open configuration file for reading
This patch opens the configuration file for reading only, allows using
a file whose name starts with a special character, like '<', and
prevents opening a malicious file like '>/etc/passwd'.
Thanks to Florian Weimer for spotting it.
---
lib/Log/Message/Config.pm | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/Log/Message/Config.pm b/lib/Log/Message/Config.pm
index e326e40..5bd115e 100644
--- a/lib/Log/Message/Config.pm
+++ b/lib/Log/Message/Config.pm
@@ -70,7 +70,7 @@ sub _read_config_file {
my $conf = {};
my $FH = new FileHandle;
- $FH->open("$file") or (
+ $FH->open("$file", 'r') or (
warn(loc(q[Could not open config file '%1': %2],$file,$!)),
return {}
);
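Review bot: the changed `$FH->open("$file", 'r')` call in `_read_config_file` comes with no regression test. The diffstat lists only lib/Log/Message/Config.pm, so nothing exercises a configuration path that begins with '<' or '>' as the commit message describes. Consider adding a test that passes such a name and checks that the file is read and that no file is created or truncated. With the mode now explicit, the quotes around `$file` are also redundant; `$FH->open($file, 'r')` says the same thing.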
--
1.8.1.4