
This queue is for tickets about the PAR CPAN distribution.

Report information
The Basics
Id: 9490
Status: resolved
Priority: 0/
Queue: PAR

People
Owner: Nobody in particular
Requestors: william [...] knowmad.com
Cc:
AdminCc:

Bug Information
Severity: Normal
Broken in: 0.86
Fixed in: (no value)



Subject: Taintmode failures - PATCH
Autrijus,

Thanks for the great module! It's going to make deploying my applications much easier. As I was using it this evening, I ran into an issue with taint checks. Line 528 was returning the following error:

    Insecure dependency in open while running with -T switch at /usr/local/lib/perl5/site_perl/5.8.6/PAR.pm line 528.

I have attached a patch that eliminates this problem. Hope you have a chance to apply it in time for the next release.

Thanks,
William
--- /usr/local/lib/perl5/site_perl/5.8.6/PAR.pm~ 2005-01-07 00:15:37.000000000 -0500 +++ /usr/local/lib/perl5/site_perl/5.8.6/PAR.pm 2005-01-07 00:15:57.000000000 -0500 @@ -525,7 +525,7 @@ return ($fh, 0, $filename); } - ($filename) = $filename =~ /^([\x20-\xff]+)$ + ($filename) = $filename =~ /^([\x20-\xff]+)$/; open my $fh, '+>', $filename or die $!; binmode($fh); return ($fh, 1, $filename);
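Review bot: the removed line `($filename) = $filename =~ /^([\x20-\xff]+)$` is an unterminated match, so this diff looks to have been taken against a copy of PAR.pm that was already hand-edited, and the hunk will not apply to an unmodified file. Regenerate it against the original so the untaint statement appears as a single added line before `open my $fh, '+>', $filename or die $!;`.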
From: william [...] knowwmad.com
Oops, that first one was a bad patch. This one should work better.
--- PAR.pm.orig 2005-01-18 17:29:25.000000000 -0500 +++ PAR.pm 2005-01-18 17:30:07.000000000 -0500 @@ -525,6 +525,7 @@ return ($fh, 0, $filename); } + ($filename) = $filename =~ /^([\x20-\xff]+)$/; open my $fh, '+>', $filename or die $!; binmode($fh); return ($fh, 1, $filename);
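Review bot: the added untaint line matches `[\x20-\xff]+`, which is every byte from space upward, so `/`, `..` and shell metacharacters all pass and the capture clears the taint flag without constraining which path `open ... '+>'` will create or truncate. Narrow the pattern to the characters and location this file is expected to have. The match result is also unchecked: when it fails, `$filename` is set to undef and passed straight to `open`, so test the match and die with an explicit "unsafe filename" message instead.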
From: william [...] knowwmad.com
Found another instance in PAR.pm that needed to be untainted. Also, upgraded to 0.87 and also found an instance in PAR::Heavy that needed to be untainted. I've included both patches in the attached zipfile.

William
Download par.zip
application/x-zip-compressed 1k


[guest - Thu Feb 3 01:27:17 2005]:
> Found another instance in PAR.pm that needed to be untainted. Also,
> upgraded to 0.87 and also found an instance in PAR::Heavy that needed to
> be untainted. I've included both patches in the attached zipfile.

Release 0.89 has addressed one of the 4 taintmode patches that I provided in my last message. You can safely ignore the HUNK #2 failure in PAR.pm.diff.

William