bug-cvs

[bug #23093] contrib/rcslock.in script fails with perl taint mode enabled


From: John Perkins
Subject: [bug #23093] contrib/rcslock.in script fails with perl taint mode enabled
Date: Mon, 28 Apr 2008 16:42:59 +0000
User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9b5) Gecko/2008032619 Firefox/3.0b5

URL:
  <http://savannah.nongnu.org/bugs/?23093>

                 Summary: contrib/rcslock.in script fails with perl taint
mode enabled
                 Project: Concurrent Versions System
            Submitted by: jperkins71
            Submitted on: Monday 04/28/2008 at 16:42
                Category: Bug Fix (patch attached)
                Severity: 3 - Normal
              Item Group: None
                  Status: None
                 Privacy: Public
             Assigned to: None
             Open/Closed: Open
         Discussion Lock: Any
                 Release: 
           Fixed Release: None
   Fixed Feature Release: None

    _______________________________________________________

Details:

The "rcslock" script, shipped as contrib/rcslock.in in current CVS releases,
fails when enabling perl's "taint" mode.  This issue exists in stable and
feature releases.

Attached is a patch that attempts to avoid taint mode failures:
 - current directory is determined using perl's Cwd module 
   rather than exec'ing /bin/pwd
 - arguments are passed through a regular expression, to 
   provide minimal argument checking, before passing them to 
   perl's chdir() in an effort to untaint those arguments




    _______________________________________________________

File Attachments:


-------------------------------------------------------
Date: Monday 04/28/2008 at 16:42  Name: rcslock.patch  Size: 3kB   By:
jperkins71

<http://savannah.nongnu.org/bugs/download.php?file_id=15545>

    _______________________________________________________

Reply to this item at:

  <http://savannah.nongnu.org/bugs/?23093>

_______________________________________________
  Message sent via/by Savannah
  http://savannah.nongnu.org/
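
The two changes the report describes, sketched as an added example for readers of this archive (this is not the attached rcslock.patch and not code from the CVS project): the current directory comes from Perl's Cwd module instead of exec'ing /bin/pwd, and a directory argument is untainted through a regular-expression capture before it reaches chdir(). The helper name `untaint_dir` and its allow-list pattern are assumptions.

```perl
#!/usr/bin/perl -T
# Added example, not the attached rcslock.patch. The helper name
# untaint_dir() and its allow-list are assumptions for illustration.
use strict;
use warnings;
use Cwd qw(getcwd);
use Scalar::Util qw(tainted);

# Return an untainted copy of a directory argument, or nothing if it does
# not match the allow-list. A regex capture is the documented way to
# clear the taint flag.
sub untaint_dir {
    my ($arg) = @_;
    return unless defined $arg;
    # Assumed policy: path characters only, and no leading '-'.
    return unless $arg =~ m{\A([A-Za-z0-9_./+][A-Za-z0-9_./+-]*)\z};
    return $1;
}

@ARGV == 1 or die "usage: $0 directory\n";
my $arg = $ARGV[0];
my $dir = untaint_dir($arg);
defined $dir or die "refusing directory argument with unexpected characters\n";

printf "argument tainted: %s, after capture: %s\n",
    (tainted($arg) ? "yes" : "no"), (tainted($dir) ? "yes" : "no");

# chdir() is taint-checked: chdir($arg) would die here with
# "Insecure dependency in chdir while running with -T switch".
chdir($dir) or die "chdir $dir: $!\n";

# getcwd() from the Cwd module replaces `/bin/pwd`, so no external
# command is run and the taint checks on $ENV{PATH} do not apply.
my $cwd = getcwd();
defined $cwd or die "getcwd: $!\n";
print "now in $cwd\n";
```

Run it as `perl -T script.pl some/dir`; because `-T` is on the `#!` line, perl refuses to start the script if the switch is missing from the command line.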




