On 06/09/2014 12:00 AM, Michael Conrad via RT wrote:
Mon Jun 09 01:00:03 2014: Request 96291 was acted upon.
Transaction: Correspondence added by NERDVANA
Queue: Inline
Subject: t/08taint.t fails on perl 5.20.0
Broken in: 0.55
Severity: (no value)
Owner: Nobody
Requestors: e...@cpan.org
Status: open
Ticket <URL: https://rt.cpan.org/Ticket/Display.html?id=96291 >
On Mon Jun 09 00:02:51 2014, NERDVANA wrote:
Oh, and the perls involved were 5.12.4 and 5.16.3, so it isn't
specific to 5.20
I have further discovered that it only happens when I run cpan or cpanm as root. When I
run "make test" manually as a normal user (with the files chown'd to that user)
the test passes.
This is then a serious user problem.
Tests should never be run as root, way too dangerous.
The cpan install steps for EUMM and MB have usually the necessary sudo
prepended.
I haven't checked if cpanm --sudo is broken as I never use it, but the
docs day it's used only for install, which is good.
In our case I suggest to set the empty tainted PATH to /bin:/usr/bin
and make the tests TODO.
On cygwin this happens e.g. if those paths are group writable of if you
run the tests as root.
Skipping is bad, since some user might want to use Inline C with tainted
input, and will not see new problems then.
--
Reini
Working towards a true Modern Perl.
Slim, functional, unbloated, compile-time optimizable
