Front page | perl.perl5.porters |
Postings from February 2004
On Sun, Feb 01, 2004 at 03:41:34PM +0000, Dave Mitchell wrote: > On Mon, Jan 26, 2004 at 01:22:18AM +0300, Solar Designer wrote: > > Well, our package has been updated to Perl 5.8.3, and attached to this > > message you can find the new temporary file handling patch. > > Thanks, applied to bleedperl as change #22255, except for the following: Thank you! My comments on the non-applied changes below: > Many systems don't have a /var/run directory, or it is only writeable by root; > so in the following files I didn't change the examples from '/tmp/foo' > to '/var/run/foo'; instead I changed them to just 'foo' or '/some/path/foo' > as appropriate: > > ext/DB_File/DB_File.pm > ext/Storable/Storable.pm > lib/CGI/Cookie.pm > pod/perldbmfilter.pod OK. > ext/ODBM_File/ODBM_File.xs > changed "/nonexistent" to "/non/exist/ent" -less likelyhood of the > file actually being created, eg by a bug in the script OK. > lib/CGI.pm > I didn't apply this! > > +# XXX: The temporary file handling implemented in here is crap. It should > +# be re-done making use of File::Temp. OK, but it does need to be re-worked! The current code is insecure. I don't think it can be fixed without changing user-visible interfaces, unfortunately. > lib/CPAN.pm > didn't apply this: > > # If more accuracy is wanted/needed, Chris Leach sent me this patch... > > # > *** /install/perl/live/lib/CPAN.pm- Wed Sep 24 13:08:48 1997 > - # > --- /tmp/cp Wed Sep 24 13:26:40 1997 > + # > --- cp Wed Sep 24 13:26:40 1997 OK, although not having "/tmp" there would save me and others a few seconds when checking subsequent versions of Perl with grep. > lib/ExtUtils/instmodsh > it no longer uses the tmp file it creates, so I just removed the > $tmp = "/tmp/inst.$$" > line instead. Great! > lib/perl5db.pl > pod/perldebug.pod > rather than changing the tty file from /tmp/perldbtty$$ to > /var/run/perldbtty$$, I changed it to .perldbtty$$ > Note that this is a user-visible change. OK. > utils/perlbug.PL > > This is designed to run on old 5.005 syststems, and as such it can't > rely on File::Temp, so I didn't apply this one. Hmm. Perhaps I am missing something, but why does the version of perlbug included in recent versions of Perl need to work with some other version? The unpatched perlbug has a race (a security hole). Thanks again, -- AlexanderThread Previous | Thread Next