Package: perl Version: 5.8.4-5 Severity: normal Tags: sarge The following script causes a strange taint error when supplied with two command-line parameters:
#!/usr/bin/perl -T use constant C_A => $ARGV[0]; use constant C_B => $ARGV[1]; index(C_A, C_B); open(FOO, "-|"); Result: $ ./taint.pl aaa bbb Insecure dependency in piped open while running with -T switch at ./taint.pl line 5. Commenting out the index() makes the error disappear, as does refraining from supplying one or both of the args. An index() shouldn't impact an open(), and the open() shouldn't ever cause a taint error anyway (it just opens a pipe and forks). The problem does not seem reproducable using variables, subroutines, or direct reference to @ARGV -- only the 'constant' module. -- System Information: Debian Release: 3.1 APT prefers testing APT policy: (500, 'testing'), (300, 'unstable') Architecture: i386 (i686) Kernel: Linux 2.6.10-1-686 Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8) Versions of packages perl depends on: ii libc6 2.3.2.ds1-18 GNU C Library: Shared libraries an ii libdb4.2 4.2.52-17 Berkeley v4.2 Database Libraries [ ii libgdbm3 1.8.3-2 GNU dbm database routines (runtime ii perl-base 5.8.4-5 The Pathologically Eclectic Rubbis ii perl-modules 5.8.4-5 Core Perl modules -- no debconf information -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]