develooper Front page | perl.perl5.porters | Postings from October 2001

Re: [ID 20011030.064] File::Temp tempdir (CLEANUP => 1) and -T on OpenBSD 2.9

Thread Previous
From:
rgarciasuarez
Date:
October 30, 2001 05:34
Subject:
Re: [ID 20011030.064] File::Temp tempdir (CLEANUP => 1) and -T on OpenBSD 2.9
Message ID:
slrn9ttb36.plg.rgarciasuarez@rafael.kazibao.net
Alex Farber reported:
> 
> the same problem as in ID 20011030.063:
> 
> 
>     #!/usr/bin/perl -wT
> 
>     BEGIN { %ENV = () }
> 
>     use File::Temp qw (tempdir);
> 
>     $tempdir = tempdir (CLEANUP => 1);
> 
>     $tempdir = $1 if $tempdir =~ /(\S*)/;
>     print "$tempdir\n";
>     system ("/usr/bin/touch $tempdir/xxx") and die $!;
> 
> produces:
> 
> pref:alex {140} ./temp.pl
> /tmp/oQp5wJKtTU
> Insecure dependency in unlink while running with -T switch at /usr/libdata/perl5/File/Path.pm
> line 220.
> END failed--call queue aborted.

Apparently, that's because File::Path::rmtree does not work with taint
checks on. rmtree() uses readdir() to get the contents of the
subdirectories. And File/Path.t does not pass with -T.

I can provide a patch for that, but how should I untaint the data ?
I guess that something like
    @files = map { /^(.*)$/; $1 } @files;
should be OK.

-- 
Rafael Garcia-Suarez

Thread Previous


nntp.perl.org: Perl Programming lists via nntp and http.
Comments to Ask Bjørn Hansen at ask@perl.org | Group listing | About