[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[bug #23093] contrib/rcslock.in script fails with perl taint mode enable

From: John Perkins
Subject: [bug #23093] contrib/rcslock.in script fails with perl taint mode enabled
Date: Mon, 28 Apr 2008 16:42:59 +0000
User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9b5) Gecko/2008032619 Firefox/3.0b5


                 Summary: contrib/rcslock.in script fails with perl taint
mode enabled
                 Project: Concurrent Versions System
            Submitted by: jperkins71
            Submitted on: Monday 04/28/2008 at 16:42
                Category: Bug Fix (patch attached)
                Severity: 3 - Normal
              Item Group: None
                  Status: None
                 Privacy: Public
             Assigned to: None
             Open/Closed: Open
         Discussion Lock: Any
           Fixed Release: None
   Fixed Feature Release: None



The "rcslock" script, shipped as contrib/rcslock.in in current CVS releases,
fails when enabling perl's "taint" mode.  This issue exists in stable and
feature releases.

Attached is a patch that attempts to avoid taint mode failures:
 - current directory is determined using perl's Cwd module 
   rather than exec'ing /bin/pwd
 - arguments are passed through a regular expression, to 
   provide minimal argument checking, before passing them to 
   perl's chdir() in an effort to untaint those arguments


File Attachments:

Date: Monday 04/28/2008 at 16:42  Name: rcslock.patch  Size: 3kB   By:



Reply to this item at:


  Message sent via/by Savannah

reply via email to

[Prev in Thread] Current Thread [Next in Thread]