Bug 1685 - $ENV{PATH} needs taint-cleansing for perl 5.00503
Summary: $ENV{PATH} needs taint-cleansing for perl 5.00503
Status: RESOLVED FIXED
Alias: None
Product: Spamassassin
Classification: Unclassified
Component: spamassassin (show other bugs)
Version: 2.52
Hardware: All All
: P3 normal
Target Milestone: 2.53
Assignee: SpamAssassin Developer Mailing List
URL:
Whiteboard:
Keywords: backport
Depends on:
Blocks:
 
Reported: 2003-03-25 09:24 UTC by Bart Schaefer
Modified: 2003-03-27 00:48 UTC (History)
0 users



Attachment Type Modified Status Actions Submitter/CLA Status
suggested patch, makes "make test" work fine on my 5.00503 box :) patch None Theo Van Dinter [HasCLA]

Note You need to log in before you can comment on or make changes to this bug.
Description Bart Schaefer 2003-03-25 09:24:31 UTC
This was previously reported with other "make test" failures in bug #1514.
Please see commentary there.
Comment 1 Theo Van Dinter 2003-03-25 09:36:57 UTC
the problem is that the version of Sys::Hostname that comes with 5.005 isn't taint aware, so it tries to run `hostname` and blows up during "make test" (and running SA in taint mode in general).  perhaps something like calling M::SA::Util::clean_path_in_taint_mode() in M::SA::new() ?

if we're in taint mode, $PATH is useless without cleansing anyway, so we may as well do it when we start.
Comment 2 Theo Van Dinter 2003-03-25 09:52:26 UTC
Created attachment 810 [details]
suggested patch, makes "make test" work fine on my 5.00503 box :)
Comment 3 Justin Mason 2003-03-26 12:09:11 UTC
OKAY: fine by me for 2.53
Comment 4 Theo Van Dinter 2003-03-27 09:48:47 UTC
applied to HEAD and 2.53.