develooper Front page | perl.perl5.porters | Postings from May 2003

[perl #22270] tainting inconsistency with . operator

Thread Next
From:
perlbug-followup
Date:
May 21, 2003 12:34
Subject:
[perl #22270] tainting inconsistency with . operator
Message ID:
rt-22270-57923.1.43855184297493@bugs6.perl.org
# New Ticket Created by  nick@penfold.uucp 
# Please include the string:  [perl #22270]
# in the subject line of all future correspondence about this issue. 
# <URL: http://rt.perl.org/rt2/Ticket/Display.html?id=22270 >



This is a bug report for perl from nick@penfold.uucp,
generated with the help of perlbug 1.26 running under perl 5.00405.


-----------------------------------------------------------------
[Please enter your report here]

$ perl5.00405 -T -le 'delete $ENV{PATH}; my $d = $^X . "" . `/bin/true`'
Insecure dependency in `` while running with -T switch at -e line 1.
$ perl5.00405 -T -le 'delete $ENV{PATH}; my $d = "" . $^X . `/bin/true`'
Insecure dependency in `` while running with -T switch at -e line 1.
$ perl5.00405 -T -le 'delete $ENV{PATH}; my $d = lc ($^X) . `/bin/true`'
Insecure dependency in `` while running with -T switch at -e line 1.
$ perl5.00405 -T -le 'delete $ENV{PATH}; my $d = $^X . `/bin/true`'
$

I don't see why that last is any different. Surely it should also be
an insecure dependency?

Bug still present in blead

Nicholas Clark

[Please do not change anything below this line]
-----------------------------------------------------------------

---
Site configuration information for perl 5.00405:

Configured by nick at Tue Jan  7 14:56:55 GMT 2003.

Summary of my perl5 (5.0 patchlevel 4 subversion 5) configuration:
  Platform:
    osname=linux, osvers=2.4.19, archname=i686-linux-gcov
    uname='linux penfold 2.4.19 #1 sat aug 10 22:59:35 bst 2002 i686 unknown unknown gnulinux '
    hint=recommended, useposix=true, d_sigaction=define
    bincompat3=n useperlio=undef d_sfio=undef
  Compiler:
    cc='gcc-3.2', optimize='-O3 -fprofile-arcs', gccversion=3.2.1
    cppflags='-Dbool=char -DHAS_BOOL -I/usr/local/include'
    ccflags ='-Dbool=char -DHAS_BOOL -I/usr/local/include'
    stdchar='char', d_stdstdio=undef, usevfork=false
    intsize=4, longsize=4, ptrsize=undef, doublesize=undef
    alignbytes=4, usemymalloc=n, prototype=define
  Linker and Libraries:
    ld='gcc-3.2', ldflags =' -L/usr/local/lib'
    libpth=/usr/local/lib /lib /usr/lib
    libs=-lnsl -lgdbm -ldbm -ldl -lm -lc -lcrypt
    libc=/lib/libc-2.3.1.so, so=so
    useshrplib=false, libperl=libperl.a
  Dynamic Linking:
    dlsrc=dl_dlopen.xs, dlext=so, d_dlsymun=undef, ccdlflags='-rdynamic'
    cccdlflags='-fpic', lddlflags='-shared -L/usr/local/lib'

Locally applied patches:
    

---
@INC for perl 5.00405:
    /home/nick/lib/i686-linux-gcov/5.00405
    /home/nick/lib
    /home/nick/lib/site_perl/i686-linux-gcov
    /home/nick/lib/site_perl
    .

---
Environment for perl 5.00405:
    HOME=/home/nick
    LANG=C
    LD_LIBRARY_PATH (unset)
    LOGDIR (unset)
    PATH=/home/nick/bin:/usr/local/bin:/bin:/usr/bin:/usr/X11/bin:/usr/contrib/bin:/usr/games:/usr/sbin:/usr/ucb:/sbin:/usr/etc:/data3/src/emacs/bin/i386-unknown-bsdi2.1/
    PERL_BADLANG (unset)
    SHELL=/bin/bash


Thread Next


nntp.perl.org: Perl Programming lists via nntp and http.
Comments to Ask Bjørn Hansen at ask@perl.org | Group listing | About