[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[bug #23093] contrib/rcslock.in script fails with perl taint mode enable
|
From: |
John Perkins |
|
Subject: |
[bug #23093] contrib/rcslock.in script fails with perl taint mode enabled |
|
Date: |
Mon, 28 Apr 2008 16:42:59 +0000 |
|
User-agent: |
Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9b5) Gecko/2008032619 Firefox/3.0b5 |
URL:
<http://savannah.nongnu.org/bugs/?23093>
Summary: contrib/rcslock.in script fails with perl taint
mode enabled
Project: Concurrent Versions System
Submitted by: jperkins71
Submitted on: Monday 04/28/2008 at 16:42
Category: Bug Fix (patch attached)
Severity: 3 - Normal
Item Group: None
Status: None
Privacy: Public
Assigned to: None
Open/Closed: Open
Discussion Lock: Any
Release:
Fixed Release: None
Fixed Feature Release: None
_______________________________________________________
Details:
The "rcslock" script, shipped as contrib/rcslock.in in current CVS releases,
fails when enabling perl's "taint" mode. This issue exists in stable and
feature releases.
Attached is a patch that attempts to avoid taint mode failures:
- current directory is determined using perl's Cwd module
rather than exec'ing /bin/pwd
- arguments are passed through a regular expression, to
provide minimal argument checking, before passing them to
perl's chdir() in an effort to untaint those arguments
_______________________________________________________
File Attachments:
-------------------------------------------------------
Date: Monday 04/28/2008 at 16:42 Name: rcslock.patch Size: 3kB By:
jperkins71
<http://savannah.nongnu.org/bugs/download.php?file_id=15545>
_______________________________________________________
Reply to this item at:
<http://savannah.nongnu.org/bugs/?23093>
_______________________________________________
Message sent via/by Savannah
http://savannah.nongnu.org/
| [Prev in Thread] |
Current Thread |
[Next in Thread] |
- [bug #23093] contrib/rcslock.in script fails with perl taint mode enabled,
John Perkins <=