At 8:14 AM -0500 8/13/07, John E. Malmberg wrote:
>Craig A. Berry wrote:
>>At 11:39 PM -0500 8/12/07, John E. Malmberg wrote:
>>
>>>The last 2 tests in utftaint.t are failing on VMS.
>>>
>>>Insecure $ENV{PATH} while running with -T switch at ./test.pl line 547.
>>>
>>>I am a bit stumped on how to fix this.
>>
>>
>>I don't see this failure with a default configuration.  Do you have
>>any protected subsystem identifiers on that system?  That is
>>considered the equivalent of running with setuid and could trigger
>>tainting.
>
>The utftaint.t test is run with the "-T" flag in the command line, and that is 
>what is triggering the tainting.
>
>I am not aware of any problems with $ENV{PATH} on specifically not tainted 
>tests.
>
>Is utftaint.t succeeding with all 88 tests for you?

Yes, it is.  It appears to matter what the definition of PATH is in
the environment.  Specifically, it has to be defined (if defined at
all) to something that parses as a native directory spec.  The three
examples below show a native directory spec that exists (test
succeeds), a meaningless bareword (test fails), and a valid native
directory spec that does not exist (test succeeds).  So what is the
actual value of PATH that you have when you get the failures?
Symlinks are the only significant configuration option that is
different between your set-up and mine, so perhaps that is part of
the mix.  Totally a WAG at this point, but you may have a symlink
that is being taint checked before being followed and we need to
reverse that order.

$ define path d0:[craig.perl.t]
$ perl -"T" [.op]utftaint.t
1..88
ok 1 - tainted: ascii, before test
...
ok 86 - tainted: latin1, downgrade down
ok 87 - fresh_perl - matching a regexp is taint agnostic
ok 88 - fresh_perl - therefore swash_init should be taint agnostic

$ define path foo
%DCL-I-SUPERSEDE, previous value of PATH has been superseded
$ perl -"T" [.op]utftaint.t
1..88
ok 1 - tainted: ascii, before test
...
ok 86 - tainted: latin1, downgrade down
Insecure directory in $ENV{PATH} while running with -T switch at ./test.pl line 537.
# Looks like you planned 88 tests but ran 86.
%SYSTEM-F-ABORT, abort

$ define path notadisk:[notadir]
%DCL-I-SUPERSEDE, previous value of PATH has been superseded
$ perl -"T" [.op]utftaint.t
1..88
ok 1 - tainted: ascii, before test
...
ok 86 - tainted: latin1, downgrade down
ok 87 - fresh_perl - matching a regexp is taint agnostic
ok 88 - fresh_perl - therefore swash_init should be taint agnostic

-- 
________________________________________
Craig A. Berry
mailto:[EMAIL PROTECTED]

"... getting out of a sonnet is much more
 difficult than getting in."
                 Brad Leithauser
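
Added example, not part of the original message and not code from the Perl test suite: a small script that reproduces both diagnostics quoted in this thread ("Insecure $ENV{PATH}" and "Insecure directory in $ENV{PATH}") on a Unix-like system, using Unix analogues of the three PATH values tried above plus the untouched inherited value. The child command /bin/true, the sample directories and the helper name check_path are assumptions made for the illustration.

```perl
use strict;
use warnings;

# Constructed example; run as: perl -T path_taint.pl (Unix-like system assumed).
die "run me with perl -T\n" unless ${^TAINT};

# perlsec: these variables are checked alongside PATH before a child starts.
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};

my $CHILD     = '/bin/true';   # assumption: harmless absolute command
my $inherited = $ENV{PATH};    # tainted, because it came from outside the program
                               # (assumes PATH is set in the calling environment)

# Set PATH to $path, try to start the child, and return either 'ok' or the
# taint diagnostic Perl raised before it would have executed anything.
sub check_path {
    my ($path) = @_;
    $ENV{PATH} = $path;
    return 'ok' if eval { system($CHILD); 1 };
    return $1 if $@ =~ /^(Insecure (?:directory in )?\$ENV\{PATH\})/;
    die $@;                    # unrelated failure: do not hide it
}

# Constructed PATH values mirroring the cases discussed in the message.
my @cases = (
    [ 'inherited, never reassigned' => $inherited     ],
    [ 'absolute, exists'            => '/usr/bin'     ],
    [ 'relative bareword'           => 'foo'          ],
    [ 'absolute, does not exist'    => '/no/such/dir' ],
);

printf "%-30s %s\n", $_->[0], check_path($_->[1]) for @cases;
```

The usual fix in a taint-mode script is the second case: assign $ENV{PATH} a literal list of absolute, non-world-writable directories before any system, exec or backtick call.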
