Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

do 'file' under taint checking #216

Closed
p5pRT opened this issue Jul 20, 1999 · 1 comment
Closed

do 'file' under taint checking #216

p5pRT opened this issue Jul 20, 1999 · 1 comment

Comments

@p5pRT
Copy link

@p5pRT p5pRT commented Jul 20, 1999

Migrated from rt.perl.org#1022 (status was 'resolved')

Searchable as RT1022$

@p5pRT
Copy link
Author

@p5pRT p5pRT commented Jul 20, 1999

From @tamias

do 'file'; fails silently under taint checking. I have confirmed this
problem with perl5.004_04 and perl5.005_03. Doesn't seem to be documented,
so I'm reporting it.

taintdo.pl​:

#!perl -w

print "Will do it.\n";

$do = do 'doit.pl';

if (not defined $do) {
  print "Didn't do it​:\n$!\n$@​\n";
} else {
  print "Did it.\n";
}

doit.pl​:

print "Doing it.\n";

~> perl taintdo.pl
Will do it.
Doing it.
Did it.
~> perl -T taintdo.pl
Will do it.
Didn't do it​:
No such file or directory

~>

(Of course, the file still exists, that's just the unset value of $!
reporting file not found.)

I could find nothing in either perlsec or perlfunc about this interaction
between taint checking and do.

After finally figuring out the problem (no, I'm not going crazy!) I worked
around it by replacing do with require. It would be nice to get this
either fixed or documented, though.

(I'm reporting this with perl5.004_04, but it applies to perl5.005_03 as
well.)

Perl Info


Site configuration information for perl 5.00404:

Configured by scotth at Wed Dec  3 09:14:22 PST 1997.

Summary of my perl5 (5.0 patchlevel 4 subversion 4) configuration:
  Platform:
    osname=irix, osvers=6.5, archname=irix-n32
    uname='irix hoshi 6.5 11251326 ip22 '
    hint=recommended, useposix=true, d_sigaction=define
    bincompat3=y useperlio=define d_sfio=undef
  Compiler:
    cc='cc -n32 -mips3', optimize='-O3 -mips3', gccversion=
    cppflags='-D_BSD_SIGNALS -D_BSD_TYPES -D_BSD_TIME -OPT:Olimit=0:space=ON -DLANGUAGE_C -DEMBEDMYMALLOC'
    ccflags ='-D_BSD_SIGNALS -D_BSD_TYPES -D_BSD_TIME -woff 1009,1110,1184 -OPT:Olimit=0:space=ON -DLANGUAGE_C -DEMBEDMYMALLOC'
    stdchar='unsigned char', d_stdstdio=define, usevfork=false
    voidflags=15, castflags=0, d_casti32=define, d_castneg=define
    intsize=4, alignbytes=8, usemymalloc=y, prototype=define
  Linker and Libraries:
    ld='cc', ldflags ='-n32'
    libpth=/usr/lib32 /lib32
    libs=-lm
    libc=/usr/lib32/libc.so, so=so
    useshrplib=true, libperl=libperl.so.4.4
  Dynamic Linking:
    dlsrc=dl_dlopen.xs, dlext=so, d_dlsymun=undef, ccdlflags=''
    cccdlflags=' ', lddlflags='-n32 -mips3 -shared'

Locally applied patches:
	


@INC for perl 5.00404:
	/usr/share/lib/perl5/irix-n32/5.00404
	/usr/share/lib/perl5
	/usr/share/lib/perl5/site_perl/irix-n32
	/usr/share/lib/perl5/site_perl
	/usr/share/lib/perl5/sgi_perl
	.


Environment for perl 5.00404:
    HOME=/usr/people/rjk
    LANG=C
    LD_LIBRARY_PATH (unset)
    LOGDIR (unset)
    PATH=/usr/sbin:/usr/bsd:/sbin:/usr/bin:/usr/bin/X11:/usr/linguist/bin:/usr/local/bin:/usr/afsws/bin:/usr/etc:/usr/people/rjk/scripts:/usr/people/rjk/bin:.
    PERL_BADLANG (unset)
    SHELL=/bin/tcsh

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

1 participant