|
SA Bugzilla – Full Text Bug Listing |
Summary: | $ENV{PATH} needs taint-cleansing for perl 5.00503 | ||
---|---|---|---|
Product: | Spamassassin | Reporter: | Bart Schaefer <schaefer> |
Component: | spamassassin | Assignee: | SpamAssassin Developer Mailing List <dev> |
Status: | RESOLVED FIXED | ||
Severity: | normal | Keywords: | backport |
Priority: | P3 | ||
Version: | 2.52 | ||
Target Milestone: | 2.53 | ||
Hardware: | All | ||
OS: | All | ||
Whiteboard: | |||
Attachments: | suggested patch, makes "make test" work fine on my 5.00503 box :) |
Description
Bart Schaefer
2003-03-25 09:24:31 UTC
the problem is that the version of Sys::Hostname that comes with 5.005 isn't taint aware, so it tries to run `hostname` and blows up during "make test" (and running SA in taint mode in general). perhaps something like calling M::SA::Util::clean_path_in_taint_mode() in M::SA::new() ? if we're in taint mode, $PATH is useless without cleansing anyway, so we may as well do it when we start. Created attachment 810 [details]
suggested patch, makes "make test" work fine on my 5.00503 box :)
OKAY: fine by me for 2.53 applied to HEAD and 2.53. |