Package: safe-rm
Version: 0.8-6
Severity: normal
Tags: patch
--- Please enter the report below this line. ---
Hi, Francois!
I've been able to reproduce this bug since the squeeze days, and have
applied the attached patch locally. Now that I'm on wheezy I figured I
should have reported this before:
Now and then I get the following error while doing different tasks, but
I could reproduce it easily by running `mk-build-deps' from the package
devscripts:
Insecure $ENV{IFS} while running with -t switch at /usr/bin/rm line 110.
Insecure dependency in system while running with -t switch
at /usr/bin/rm line 110.
The patch is simple, but it makes safe-rm use the default value for IFS:
$ set | grep ^IFS=
Regards!
Teresa e Junior
--- System information. ---
Architecture: i386
Kernel: Linux 3.8-13.dmz.1-liquorix-686
Debian Release: 7.0
500 unstable liquorix.net
500 stable www.deb-multimedia.org
500 stable security.debian.org
500 stable ftp.debian.org
500 stable deb.opera.com
500 precise ppa.launchpad.net
200 wheezy-backports ftp.debian.org
--- Package information. ---
Depends (Version) | Installed
==========================-+-===========
debconf (>= 0.5) | 1.5.49
OR debconf-2.0 |
Package's Recommends field is empty.
Package's Suggests field is empty.
--- /usr/bin/safe-rm~ 2010-05-20 00:00:00.000000000 -0300
+++ /usr/bin/safe-rm 2011-05-28 19:34:25.218844678 -0300
@@ -107,6 +107,7 @@
}
# Run the real rm command, returning with the same error code
+$ENV{IFS} = " \t\n";
my $status = system $real_rm, @allowed_args;
my $errcode = $status >> 8;
exit $errcode;
