Package: perl
Version: 5.8.4-5
Severity: normal
Tags: sarge
The following script causes a strange taint error when supplied with two
command-line parameters:
#!/usr/bin/perl -T
use constant C_A => $ARGV[0];
use constant C_B => $ARGV[1];
index(C_A, C_B);
open(FOO, "-|");
Result:
$ ./taint.pl aaa bbb
Insecure dependency in piped open while running with -T switch
at ./taint.pl line 5.
Commenting out the index() makes the error disappear, as does refraining
from supplying one or both of the args.
An index() shouldn't impact an open(), and the open() shouldn't ever
cause a taint error anyway (it just opens a pipe and forks).
The problem does not seem reproducable using variables, subroutines, or
direct reference to @ARGV -- only the 'constant' module.
-- System Information:
Debian Release: 3.1
APT prefers testing
APT policy: (500, 'testing'), (300, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.10-1-686
Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8)
Versions of packages perl depends on:
ii libc6 2.3.2.ds1-18 GNU C Library: Shared libraries an
ii libdb4.2 4.2.52-17 Berkeley v4.2 Database Libraries [
ii libgdbm3 1.8.3-2 GNU dbm database routines (runtime
ii perl-base 5.8.4-5 The Pathologically Eclectic Rubbis
ii perl-modules 5.8.4-5 Core Perl modules
-- no debconf information
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
