----- Original Message -----
From: "Patrick LeBoutillier" <patrick.leboutill...@gmail.com>
To: "Sisyphus" <sisyph...@optusnet.com.au>
Cc: "inline" <inline@perl.org>
Sent: Friday, July 03, 2009 3:03 AM
Subject: Re: Inline and -T


Rob,

I took a stab at it this morning. Basically I tried to do 2 things:

- Get the small test script to run cleanly under UNTAINT;
- Try to get the test suite to behave properly when run under -T (by
way of the HARNESS_PERL_SWITCHES env var). That way it's easy to
periodically run the test suite with -T and see if some new taint bugs
have crept in.

To fix the former 2 small patches seem to be required: one for
Inline.pm and one for denter.pm:

Inline.pm:
@@ -1201,6 +1217,7 @@
    my @parts = File::Spec->splitdir($rmpath);
    while (@parts){
        $rmpath = File::Spec->catdir($prefix ? ($prefix,@parts) :
@parts);
+        ($rmpath) = $rmpath =~ /(.*)/ if UNTAINT;
        rmdir $rmpath
         or last; # rmdir failed because dir was not empty
       pop @parts;
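
Review bot: the pattern in the added line `($rmpath) = $rmpath =~ /(.*)/ if UNTAINT;` accepts any value, so it clears the taint flag before rmdir without checking anything about the path. Because `.` does not match a newline without /s, a value containing one would also be cut at the first newline, and rmdir would then act on a different directory than the one built by catdir. Suggest an anchored allow-list pattern (at minimum /\A(.*)\z/s), leaving the loop with `last` when the match fails, and a short comment saying why $rmpath can be trusted at this point.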

denter.pm (without this a taint exception is thrown by AutoLoader.pm):
@@ -13,6 +13,9 @@
         }, $class;
}

+sub DESTROY {
+}
+
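
Review bot: the empty `sub DESTROY {` / `}` carries no comment, so a later reader is likely to remove it as dead code. Suggest a one-line comment above it stating that it is defined so that object destruction is not dispatched to AutoLoader, which is where the taint exception described in the mail is raised.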


To fix the latter, a mechanism needs to be put in place in Inline.pm
so that it activates UNTAINT automatically (only when -T is set and
when we are running under the test harness). Also, the test suite
makes liberal use of relative paths in @INC, which throws off a few
taint exceptions. Finally, the Inline::Foo module used in the test
suite needs some untainting in some places.

I have a patch for this also, but it's larger than the other two. Rob,
what format is preferable for the patch?


Just post it as an attachment should be fine, I think.
I'll give the patches a try in a day or two when I have time. (I have to head off in about half an hour - won't get back until tomorrow evening.)
Thanks heaps for that, Patrick !!

BTW: I wasn't able to reproduce Rob's build problem with the small
test script below. It ran fine (without -T) on my test env (Linux
FC10, x64, perl 5.10.0).


Hmmm .... I'm still stuck on that. It may be something Windows-specific. I'm actually having trouble working out what "$o->env_untaint if UNTAINT;" in Inline.pm's sub glue is doing. (It's called twice, within a few lines of each other.) Afaict it should be calling env_untaint() in the same file, but it doesn't seem to be doing that ... very, very weird. I can verify that the line of code is being executed (and that UNTAINT is true), but env_untaint() is not being run.
Same goes for "$o->obj_untaint if UNTAINT;" (called once) in the same sub.

Cheers,
Rob
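
The sketch below is an added example, not part of the thread and not code from Inline.pm or its test suite. It illustrates the mechanism Patrick describes (act only when -T is set and the test harness is running, and deal with relative @INC entries) using validated untainting; the helper names and the allow-list of path characters are assumptions to adapt.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use File::Spec;

# ${^TAINT} is 1 under -T and -1 under -t (see perlvar).
sub taint_on { return ${^TAINT} ? 1 : 0 }

# Test::Harness sets HARNESS_ACTIVE while it runs test scripts.
sub under_harness { return $ENV{HARNESS_ACTIVE} ? 1 : 0 }

# Hypothetical helper: untaint a path only when every character is on an
# allow-list (assumed set; adjust for your platform). Returns undef for
# anything else instead of laundering it.
sub untaint_path {
    my ($path) = @_;
    return undef unless defined $path;
    # \A ... \z without /m, so an embedded newline cannot slip through.
    my ($clean) = $path =~ m{\A([\w./\\: -]+)\z};
    return $clean;
}

# Hypothetical helper: make relative @INC entries absolute and keep only
# those that pass validation. Hook references in @INC are left untouched.
sub absolute_inc {
    return grep { defined }
           map  { ref $_ ? $_ : untaint_path(File::Spec->rel2abs($_)) } @_;
}

# Only change behaviour when both conditions from the mail hold.
if (taint_on() && under_harness()) {
    @INC = absolute_inc(@INC);
}

# Constructed sample inputs: one ordinary relative path, one with a newline.
for my $p ('blib/lib', "build/ok\n/etc") {
    my $abs = untaint_path(File::Spec->rel2abs($p));
    (my $shown = $p) =~ s/\n/\\n/g;
    printf "%-16s => %s\n", $shown, defined $abs ? $abs : 'REJECTED';
}
```

If the current working directory itself contains characters outside the allow-list, every relative entry is rejected; widen the character class deliberately rather than falling back to /(.*)/.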


