At 8:14 AM -0500 8/13/07, John E. Malmberg wrote: >Craig A. Berry wrote: >>At 11:39 PM -0500 8/12/07, John E. Malmberg wrote: >> >>>The last 2 tests in utftaint.t are failing on VMS. >>> >>>Insecure $ENV{PATH} while running with -T switch at ./test.pl line 547. >>> >>>I am a bit stumped on how to fix this. >> >> >>I don't see this failure with a default configuration. Do you have >>any protected subsystem identifiers on that system? That could is >>considered the equivalent of running with setuid and could trigger >>tainting. > >The utftaint.t test is run with the "-T" flag in the command line, and that is >what is triggering the tainting. > >I am not aware of any problems with $ENV{PATH} on specifically not tainted >tests. > >Is utftaint.t succeeding with all 88 tests for you?
Yes, it is. It appears to matter what the definition of PATH is in the environment. Specifically, it has to be defined (if defined at all) to something that parses as a native directory spec. The three examples below show a native directory spec that exists (test succeeds), a meaningless bareword (test fails), and a valid native directory spec that does not exist (test succeeds). So what is the actual value of PATH that you have when you get the failures? Symlinks are the only significant configuration option that is different between your set-up and mine, so perhaps that is part of the mix. Totally a WAG at this point, but you may have a symlink that is being taint checked before being followed and we need to reverse that order. $ define path d0:[craig.perl.t] $ perl -"T" [.op]utftaint.t 1..88 ok 1 - tainted: ascii, before test ... ok 86 - tainted: latin1, downgrade down ok 87 - fresh_perl - matching a regexp is taint agnostic ok 88 - fresh_perl - therefore swash_init should be taint agnostic $ define path foo %DCL-I-SUPERSEDE, previous value of PATH has been superseded $ perl -"T" [.op]utftaint.t 1..88 ok 1 - tainted: ascii, before test ... ok 86 - tainted: latin1, downgrade down Insecure directory in $ENV{PATH} while running with -T switch at ./test.pl line 537. # Looks like you planned 88 tests but ran 86. %SYSTEM-F-ABORT, abort $ define path notadisk:[notadir] %DCL-I-SUPERSEDE, previous value of PATH has been superseded $ perl -"T" [.op]utftaint.t 1..88 ok 1 - tainted: ascii, before test ... ok 86 - tainted: latin1, downgrade down ok 87 - fresh_perl - matching a regexp is taint agnostic ok 88 - fresh_perl - therefore swash_init should be taint agnostic -- ________________________________________ Craig A. Berry mailto:[EMAIL PROTECTED] "... getting out of a sonnet is much more difficult than getting in." Brad Leithauser