[ANN] Dynamically linked perl5.005_03 binary & patches

Fifer, Eric EFifer@sanwaint.com
Mon May 31 21:10:00 GMT 1999


>> t/examp.............Insecure $ENV{PATH} while running with -T switch at /usr/local/lib/perl5/5.00503/Cwd.pm line 82.
>> dubious
>>         Test returned status 255 (wstat 65280, 0xff00)
>> DIED. FAILED tests 30-186
>>         Failed 157/186 tests, 15.59% okay
>>
>
>
>This *may* be related to the patches applied to miniperlmain.c, mg.c, and
>util.c that were put there to work around an environment handling problem in
>Cygwin. That's just based on the ${ENV} comment. Looking at the
>code, it doesn't seem to apply:
>
>sub _backtick_pwd {
>    my $cwd;
>    chop($cwd = `pwd`); <<<< line 82
>    $cwd;
>}

The message means what it says: t/examp.t turns on taint checking (-T) and
$ENV{PATH} has not been set to anything secure, so it is still tainted when
it goes to run `pwd`.  See perlsec.pod for details.

When I remove the -T switch from t/examp.t I get:

	t/examp.............FAILED tests 181-186
	        Failed 6/186 tests, 96.77% okay

It looks like Cwd.pm needs some work if you want to run with taint checking
on.

Eric Fifer
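
The behaviour described in the message above, as an added example that is not part of the original post or of Cwd.pm: under -T a backtick call is refused until $ENV{PATH} is replaced with a fixed value, and the command's output is itself tainted until validated. The helper name backtick_pwd, the PATH value /bin:/usr/bin and the path pattern are assumptions of this example.

```perl
# Run with taint checking on:  perl -T taint_pwd.pl   (file name is a placeholder)
use strict;
use warnings;
use Scalar::Util qw(tainted);

# Same shape as the Cwd.pm helper quoted in the thread (name is hypothetical).
sub backtick_pwd {
    my $cwd = `pwd`;
    chomp $cwd;
    return $cwd;
}

# 1. With the inherited environment, -T refuses to start the subprocess
#    and dies with "Insecure $ENV{PATH} while running with -T switch".
my $cwd = eval { backtick_pwd() };
print "inherited env: ", (defined($cwd) ? "ran, got $cwd\n" : "died: $@");

# 2. The fix documented in perlsec: set PATH to a fixed value (assumed
#    here to be /bin:/usr/bin) and drop variables a shell would act on.
$ENV{PATH} = '/bin:/usr/bin';
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};

$cwd = eval { backtick_pwd() };
die "still refused: $@" unless defined $cwd;
print "fixed env: $cwd\n";

# 3. Output of an external command is tainted, so it cannot be passed to
#    chdir, system, open-for-write and similar until it has been validated.
print "pwd output tainted: ", (tainted($cwd) ? "yes" : "no"), "\n";

# Untaint by capturing from a pattern that accepts only what is expected.
# The character class is this example's assumption of an acceptable path.
if ($cwd =~ m{\A((?:/[\w.+\- ]+)+|/)\z}) {
    my $clean = $1;
    print "validated value tainted: ", (tainted($clean) ? "yes" : "no"), "\n";
    chdir $clean or die "chdir $clean: $!";
} else {
    die "unexpected characters in pwd output\n";
}
```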
