https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7806
--- Comment #4 from Rodolfo Saccani <[email protected]> ---
Created attachment 5696
  --> https://bz.apache.org/SpamAssassin/attachment.cgi?id=5696&action=edit
sample code to reproduce the issue

This attachment reproduces the issue. Launch it as root.

# perl taint.pl
Setting UID to 89
Use taint?.............1
Is $^X tainted?........0
Is $tainted tainted?...1

Why?
When dropping root privileges the taint checks are enabled but $^X is not tainted because it had been executed previously. This is expected; read below.

https://perldoc.perl.org/perlsec.html#Taint-mode says:

Perl automatically enables a set of special security checks, called taint mode, when it detects its program running with differing real and effective user or group IDs.

This leads to $^X not being reliable when taint is enabled at runtime.
Enabling taint checking at runtime is not unusual.

I suggest replacing the use of $^X with the code provided, which taints reliably.
