Bug#430629: libproc-pid-file-perl: should not change $ENV{'PATH'}

Tue, 26 Jun 2007 00:09:23 -0700 

Package: libproc-pid-file-perl
Version: 1.24-5
Severity: important
Tags: patch

The fix for bug #425467 changed Proc::PID::File::verify so that
$ENV{'PATH'} is set to "/usr/bin:/bin" before qx/.../ is used so that
it works OK in taint mode.  Unfortunately, the way this is currently
implemented means that the changes to $ENV{'PATH'} affect any perl
scripts or modules that use Proc::PID::File.

Thus I was suddenly confronted with a mysterious "Can't open <program>
for reading: No such file or directory" error in one of my perl
scripts.

The fix is very simple: just save $ENV{'PATH'} before changing it, and
restore it when done.  I've attached a patch doing just this.


- Felix


-- System Information:
Debian Release: lenny/sid
  APT prefers unstable
  APT policy: (900, 'unstable'), (890, 'testing'), (880, 'stable'), (870, 
'experimental')
Architecture: powerpc (ppc)

Kernel: Linux 2.6.21-1-powerpc
Locale: LANG=en_GB, LC_CTYPE=en_GB (charmap=ISO-8859-1)
Shell: /bin/sh linked to /bin/bash

Versions of packages libproc-pid-file-perl depends on:
ii  perl                          5.8.8-7    Larry Wall's Practical Extraction

Versions of packages libproc-pid-file-perl recommends:
ii  procps                        1:3.2.7-3  /proc file system utilities

-- no debconf information

-- 
Felix C. Stegerman <[EMAIL PROTECTED]>                  http://obfusk.net
~ "Any sufficiently advanced bug is indistinguishable from a feature."
~   -- R. Kulawiec
~ vim: set ft=mail tw=70 sw=2 sts=2 et:

--- File.pm.original	2007-06-26 07:52:45.000000000 +0200
+++ File.pm	2007-06-26 08:18:31.000000000 +0200
@@ -129,10 +129,15 @@
     if ($Config::Config{osname} =~ /linux|freebsd/i) {
         my $me = $self->{verify};
         ($me = $0) =~ s|.*/|| if !$me || $me eq "1";
-	# to survive the taint checks
-	$ENV{'PATH'}="/usr/bin:/bin";
+
+	my $env_path = $ENV{'PATH'};    # save & modify PATH
+	$ENV{'PATH'} = "/usr/bin:/bin"; # to survive the taint checks
+
         my @ps = split m|$/|, qx/ps -fp $pid/
             || die "ps utility not available: $!";
+
+	$ENV{'PATH'} = $env_path;       # restore
+
         s/^\s+// for @ps;   # leading spaces confuse us
 
         no warnings;    # hate that deprecated @_ thing

Attachment: pgpqHxDpQX4Ni.pgp
Description: PGP signature

Reply via email to