URL:
<http://savannah.nongnu.org/bugs/?23093>
Summary: contrib/rcslock.in script fails with perl taint
mode enabled
Project: Concurrent Versions System
Submitted by: jperkins71
Submitted on: Monday 04/28/2008 at 16:42
Category: Bug Fix (patch attached)
Severity: 3 - Normal
Item Group: None
Status: None
Privacy: Public
Assigned to: None
Open/Closed: Open
Discussion Lock: Any
Release:
Fixed Release: None
Fixed Feature Release: None
_______________________________________________________
Details:
The "rcslock" script, shipped as contrib/rcslock.in in current CVS releases,
fails when enabling perl's "taint" mode. This issue exists in stable and
feature releases.
Attached is a patch that attempts to avoid taint mode failures:
- current directory is determined using perl's Cwd module
rather than exec'ing /bin/pwd
- arguments are passed through a regular expression, to
provide minimal argument checking, before passing them to
perl's chdir() in an effort to untaint those arguments
_______________________________________________________
File Attachments:
-------------------------------------------------------
Date: Monday 04/28/2008 at 16:42 Name: rcslock.patch Size: 3kB By:
jperkins71
<http://savannah.nongnu.org/bugs/download.php?file_id=15545>
_______________________________________________________
Reply to this item at:
<http://savannah.nongnu.org/bugs/?23093>
_______________________________________________
Message sent via/by Savannah
http://savannah.nongnu.org/
_______________________________________________
Bug-cvs mailing list
[email protected]
http://lists.nongnu.org/mailman/listinfo/bug-cvs
