![Wed Nov 06 09:27:21 2013 (1.2k) by erp [...] movis.dk](/Ticket/Attachment/1284289/680600/gehfbacc.gif){kind=link}
![Wed Nov 06 09:32:24 2013 (1.2k) by erp [...] movis.dk](/Ticket/Attachment/1284299/680610/ggidbhbb.gif){kind=link}
| Subject: | Taint-mode related bug in write_file for edit_file and edit_file_lines |
| Date: | Wed, 06 Nov 2013 15:24:50 +0100 |
| To: | bug-File-Slurp [...] rt.cpan.org |
| From: | "Emil R. Petersen" <erp [...] movis.dk> |
Hello.
When using File::Slurp I came across the following bug with using
edit_file or edit_file_lines
This is the code I was running (Simplified for show-and-tell):
my $key = 'ssid'; my $value = '11'; my $config_file = '/etc/hostapd.conf';
taint $config_file;
edit_file_lines sub { $_ = "$key=$value" if /$key=/ }, $config_file;
This failed with:
"edit_file_lines '/etc/hostapd.conf' - write_file: at
/usr/sbin/daemon.pl line 275"
This error message, as you can see, is not complete descriptive - It
shows that something
goes wrong with writing, but not exactly what.
It turns out that $config_file was tainted (which was not entirely
obvious in my code), which caused
this error. Presumably, write_file doesn't set $! properly, which hides
exactly what is going on.
If File::Slurp could set $!/@! properly when trying to write a tainted
filehandle, that would simply
debugging in the long run.
--
Med venlig hilsen/Best regards
*Emil R. Petersen*
Backend Software Engineer
erp@movis.dk
------------------------------------------------------------------------
Nørrebrogade 110A, 1.
2200 København N
Denmark
www.movis.dk <http://www.movis.dk>