Sun Feb 23 13:10:55 2014: Request 65703 was acted upon.
Transaction: Correspondence added by Hugmeir
Queue: Inline
Subject: Build Problem - Inline::C fails at t/08taint.t
Broken in: (no value)
Severity: (no value)
Owner: Nobody
Requestors: alexander.haec...@web.de
Status: open
Ticket <URL: https://rt.cpan.org/Ticket/Display.html?id=65703 >
On Tue Feb 15 20:05:27 2011, alexander.haec...@web.de wrote:
> The problem here as I see it ist the use of
> (stat("/usr/bin"))[2] & 0022
> instead of
> (stat("/usr/bin"))[2] & 0002
> , because you must be authorized to write into
> the first case, but needn't be in the second.
> If you exclude 0020 you could exclude 0200 for
> the same reasons.
> To me it would seem more consistent to use the -w, -W operators
> to check for every directory in the path if it
> is writable at all. Then you can omit the
> (stat("/usr/bin"))[2] & 0??? test completely and just write:
>
> join ':', grep {not /^\./ and -d $_ and not -w $_ || -W $_
> } split /:/, $ENV{PATH};
This issue just bit me when smoking CPAN on Android. Unfortunately, the above
solution doesn't work for me.
tl;dr: Skipping the tests when $^O eq 'android' would probably be for the best,
if that filter is going to stay.
Android's an interesting case. It's basically a linux system that doesn't
provide any toolchain whatsoever, so you either have to install one yourself
(and to do that, you need to root your phone and probably create/mount an
ext3/4 partition in your sdcard) or have an app install it for you. Either
way, the toolchain ends up in a non-standard location with non-standard
permissions, and to use it you need to tweak with it's permissions and/or be
root.
There's probably no ideal solution here, but either way my suggestion is to
have the module skip t/08taint.t under Android, and then to have env_untaint
actually check if an entry is already untainted (with Scalar::Util::tainted in
perl>=5.8, and whatever the eval invocation in older perls is); if it is, trust
it as-is, no need to filter anything. That way, if someone wants to use Inline
on Android under taint, they can do it by manually untainting $ENV{PATH}, which
they should've been doing on the first place :)
