develooper Front page | perl.perl5.porters | Postings from February 2004

Re: [perl #15063] /tmp issues

Thread Previous | Thread Next
From:
Nicholas Clark
Date:
February 4, 2004 15:14
Subject:
Re: [perl #15063] /tmp issues
Message ID:
20040204225926.GN46380@plum.flirble.org
On Sun, Feb 01, 2004 at 09:18:16PM +0000, Dave Mitchell wrote:
> On Sun, Feb 01, 2004 at 11:40:05PM +0300, Solar Designer wrote:
> > On Sun, Feb 01, 2004 at 03:41:34PM +0000, Dave Mitchell wrote:

> > > utils/perlbug.PL
> > > 
> > >     This is designed to run on old 5.005 syststems, and as such it can't
> > >     rely on File::Temp, so I didn't apply this one.
> > 
> > Hmm.  Perhaps I am missing something, but why does the version of
> > perlbug included in recent versions of Perl need to work with some
> > other version?  The unpatched perlbug has a race (a security hole).
> 
> Because someone trying but failing to install a newer version of
> Perl on a system can do
> 
> 	/usr/bin/old-working-perl newperl-installdir/bin/perlbug ...
> 
> But yes, it needs fixing somehow.

Also you may run perlbug like that if you have more than one version of perl
installed and you want to report a bug in /usr/bin/old-working-perl
If over time you install 5.5.x, 5.6.x, 5.8.x, then /usr/bin/perlbug will
no longer the one installed at the same time as /usr/bin/perl5.00503
(/usr/bin/perl5.00503 isn't deleted when /usr/bin/perl5.8.3 is installed)

From memory, I think that that the intent of specific patch hunk could be
applied by doing eval { require File::Temp }, and falling back to the older
unsafe code if the File::Temp module is not available.

Nicholas Clark

Thread Previous | Thread Next


nntp.perl.org: Perl Programming lists via nntp and http.
Comments to Ask Bjørn Hansen at ask@perl.org | Group listing | About