On Thu, Jul 2, 2009 at 5:44 PM, Goswin von Brederlow<goswin-...@web.de> wrote:
> Russ Allbery <r...@debian.org> writes:
>
>> Jonathan Yu <jonathan.i...@gmail.com> writes:
>>
>>> How to fix them? Write Perl scripts, and turn on taint checking --
>>> that fixes the four issues above, because it makes the script exit if
>>> any of them look dangerous. Env::Sanctify::Auto is a Perl module that
>>> automatically cleans up the paths.
>>>
>>> My advice:
>>> 1. Write scripts that might be run as root (or setuid root) using Perl
>>> 2. Turn on taint checking
>>> 3. Consider using Env::Sanctify::Auto (shameless plug)
>>
>> I would really prefer that people not start writing maintainer scripts
>> in Perl as a matter of course. Perl is harder to analyze for programs
>> like lintian than shell scripts (which are already hard enough).
>>
>> --
>> Russ Allbery (r...@debian.org) <http://www.eyrie.org/~eagle/>
>
> Not to mention humans. :)

Oh. I read that incorrectly in my reply.

Yeah, analyzing Perl via lintian is probably more difficult than shell
script, and more likely to raise false positives/etc. Static code
analysis is getting a little better with PPI, but Perl is a *very*
dynamic language, so it's hard to analyze it without executing it.

In that case, I'd recommend establishing some sort of best practice
using these variables, and putting it in Policy. As in a contract that
programs:

1. Must not set these variables
2. Must not use these variables
3. Must set them to something sane within the scope of the current
   execution (not necessarily exporting them)

So I guess really in practice that just requires people to do:

    unset CDPATH
    unset IFS
    PATH="/some/safe/path"

etc.

All of these default/preferred values should be in Policy, and users
should be given a list of acceptable things to go in PATH -- for
example, allowing developers to use:

    /usr/bin
    /usr/local/bin

Then a developer is welcome to locally set PATH to a subset of those,
like PATH=/usr/bin -- of course we'd need to add something to lintian
to parse paths. There are, however, CPAN modules that can do that I
believe, and on Debian only it's as simple as split(':', $path)
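
The reset-and-allowlist idea from the message above, written out as a POSIX shell prologue. This is an added example, not code from the thread, from lintian or from Debian Policy. The function names, the fallback PATH and the allowlist (the two directories the message names) are assumptions. It also rejects empty PATH components, which a plain split on ':' does not flag even though the shell treats them as the current directory.

```shell
#!/bin/sh
# Added example. Allowlist = the two directories named in the message;
# function names and the fallback value are hypothetical.
ALLOWED_PATH_DIRS="/usr/bin /usr/local/bin"

# Return 0 if every component of the PATH-style string $1 is allowlisted.
# Relies on default IFS splitting, so call it after IFS has been unset.
path_is_allowed() {
    candidate=$1
    # An empty PATH or an empty component (leading, trailing or doubled
    # colon) makes the shell search the current directory: reject.
    case "$candidate" in
        ""|:*|*:|*::*) return 1 ;;
    esac
    rest=$candidate
    while [ -n "$rest" ]; do
        case "$rest" in
            *:*) dir=${rest%%:*}; rest=${rest#*:} ;;
            *)   dir=$rest; rest="" ;;
        esac
        # Relative components (including ".") depend on the caller's cwd.
        case "$dir" in
            /*) ;;
            *) return 1 ;;
        esac
        ok=1
        for allowed in $ALLOWED_PATH_DIRS; do
            if [ "$dir" = "$allowed" ]; then ok=0; fi
        done
        if [ "$ok" -ne 0 ]; then return 1; fi
    done
    return 0
}

# Reset the variables discussed in the thread. PATH is replaced by a fixed
# value only when the inherited one fails the check; nothing is exported.
sanitize_env() {
    unset CDPATH
    unset IFS
    if ! path_is_allowed "$PATH"; then
        PATH="/usr/bin"
    fi
}
```

Only shell builtins run before PATH is checked, so a hostile inherited PATH is never searched.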