Bug 2460 - ArchiveIterator.pm: Insecure dependency in glob while running with -T switch
Status: RESOLVED FIXED
Alias: None
Product: Spamassassin
Classification: Unclassified
Component: Learner
Version: 2.60
Hardware: PC Linux
Importance: P2 major
Target Milestone: 2.60
Assignee: SpamAssassin Developer Mailing List
Duplicates: 2076 2455
Reported: 2003-09-15 02:45 UTC by Martin Radford
Modified: 2003-09-15 08:00 UTC (History)

Attachment Type Modified Status Actions Submitter/CLA Status
workaround for old perl patch None Daniel Quinlan [HasCLA]
workaround for old perl patch None Daniel Quinlan [HasCLA]
workaround for old perl patch None Daniel Quinlan [HasCLA]
workaround for old perl patch None Daniel Quinlan [HasCLA]

Description Martin Radford 2003-09-15 02:45:41 UTC
I've just put 2.60-rc4 on my Linux box, and get this when running sa-learn:

Insecure dependency in glob while running with -T switch 
at /usr/lib/perl5/site_perl/5.005/Mail/SpamAssassin/ArchiveIterator.pm line 621.

That line is nearly at the end of that file:

   620	  # apply csh-style globs: ./corpus/*.mbox => er, you know what it does ;)
   621	  my @paths = glob $path;
   622	  return @paths;

Surprise, surprise - this is Perl 5.005.
Comment 1 Daniel Quinlan 2003-09-15 14:16:05 UTC
*** Bug 2076 has been marked as a duplicate of this bug. ***
Comment 2 Daniel Quinlan 2003-09-15 14:16:16 UTC
*** Bug 2455 has been marked as a duplicate of this bug. ***
Comment 3 Daniel Quinlan 2003-09-15 14:16:52 UTC
2.60 milestone
Comment 4 Daniel Quinlan 2003-09-15 14:44:38 UTC
Created attachment 1374
workaround for old perl

okay, we won't use glob if running in taint-mode on 5.005
Comment 5 Daniel Quinlan 2003-09-15 14:48:22 UTC
Created attachment 1375
workaround for old perl

just a minor tweak
Comment 6 Theo Van Dinter 2003-09-15 14:58:38 UTC
+1  more stupid perl 5.005
Comment 7 Daniel Quinlan 2003-09-15 15:21:48 UTC
Created attachment 1376
workaround for old perl

okay, maybe entering perfectionist mode, but whatever
Comment 8 Daniel Quinlan 2003-09-15 15:52:27 UTC
Created attachment 1377
workaround for old perl

apparently, not so perfectionist that I bothered to test it
Comment 9 Theo Van Dinter 2003-09-15 15:55:29 UTC
+1, again.
Comment 10 Daniel Quinlan 2003-09-15 16:00:03 UTC
applied to CVS, we're a bit short of full approval, but Theo and I decided
to go for another rc anyway.