[rt.cpan.org #65703] Build Problem - Inline::C fails at t/08taint.t

Sun, 23 Feb 2014 10:13:27 -0800 

Sun Feb 23 13:10:55 2014: Request 65703 was acted upon.
Transaction: Correspondence added by Hugmeir
       Queue: Inline
     Subject: Build Problem - Inline::C fails at t/08taint.t
   Broken in: (no value)
    Severity: (no value)
       Owner: Nobody
  Requestors: [email protected]
      Status: open
 Ticket <URL: https://rt.cpan.org/Ticket/Display.html?id=65703 >


On Tue Feb 15 20:05:27 2011, [email protected] wrote:
> The problem here as I see it ist the use of
> (stat("/usr/bin"))[2] & 0022
> instead of
> (stat("/usr/bin"))[2] & 0002
> , because you must be authorized to write into
> the first case, but needn't be in the second.
> If you exclude 0020 you could exclude 0200 for
> the same reasons.
> To me it would seem more consistent to use the -w, -W operators
> to check for every directory in the path if it
> is writable at all. Then you can omit the
> (stat("/usr/bin"))[2] & 0??? test completely and just write:
> 
> join ':', grep {not /^\./ and -d $_ and not -w $_ || -W $_
>                                   } split /:/, $ENV{PATH};

This issue just bit me when smoking CPAN on Android. Unfortunately, the above 
solution doesn't work for me.

tl;dr: Skipping the tests when $^O eq 'android' would probably be for the best, 
if that filter is going to stay.

Android's an interesting case. It's basically a linux system that doesn't 
provide any toolchain whatsoever, so you either have to install one yourself 
(and to do that, you need to root your phone and probably create/mount an 
ext3/4 partition in your sdcard) or have an app install it for you.  Either 
way, the toolchain ends up in a non-standard location with non-standard 
permissions, and to use it you need to tweak with it's permissions and/or be 
root.

There's probably no ideal solution here, but either way my suggestion is to 
have the module skip t/08taint.t under Android, and then to have env_untaint 
actually check if an entry is already untainted (with Scalar::Util::tainted in 
perl>=5.8, and whatever the eval invocation in older perls is); if it is, trust 
it as-is, no need to filter anything. That way, if someone wants to use Inline 
on Android under taint, they can do it by manually untainting $ENV{PATH}, which 
they should've been doing on the first place :)

Reply via email to