This queue is for tickets about the Makefile-Parser CPAN distribution.

Report information
The Basics
Id: 107235
Status: new
Priority: 0/
Queue: Makefile-Parser

People
Owner: Nobody in particular
Requestors: ppisar [...] redhat.com
Cc:
AdminCc:

Bug Information
Severity: (no value)
Broken in: 0.216
Fixed in: (no value)

Attachments
Makefile-Parser-0.216-Remove-use-lib.patch



Subject: "use lib" in pgmake-db
Current script/pgmake-db contains on line 5:

use lib qw(/home/agentz/gmake-db/lib /home/agentz/mdom-gmake/lib);

Provided pgmake-db is installed by default, adding private home directories into @INC is very bad practice. If my home directory were /home/agentz I could mount an attack against anybody executing the pgmake-db script.

Please remove the line from the code.
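
A static check a packager could run over installed scripts to catch this pattern, as an added example that is not part of the ticket or of Makefile-Parser: it lists every literal `use lib` path and flags those under private or world-writable directories. Flagging relative paths goes beyond the ticket; the prefix list, the function names and the sample's shebang and blank line are assumptions.

```python
import re

# A "use lib ...;" statement at the start of a line (commented-out lines do not match).
USE_LIB = re.compile(r"^\s*use\s+lib\s+(.*?);", re.MULTILINE | re.DOTALL)
QW = re.compile(r"qw\s*([(\[{<])(.*?)[)\]}>]", re.DOTALL)  # qw(...) word lists
QUOTED = re.compile(r"""(['"])(.*?)\1""")                   # 'path' or "path"

# Assumption: prefixes treated as private or world-writable locations.
RISKY_PREFIXES = ("/home/", "/root/", "/tmp/", "/var/tmp/")

# Constructed sample: the top of script/pgmake-db as the ticket describes it.
# Lines 1 and 4 are assumed so that the "use lib" statement sits on line 5.
SAMPLE = """#!/usr/bin/perl
use strict;
use warnings;

use lib qw(/home/agentz/gmake-db/lib /home/agentz/mdom-gmake/lib);
#use Smart::Comments;
use Getopt::Long;
"""


def lib_paths(source):
    """Yield (line_number, path) for every literal path given to use lib."""
    for m in USE_LIB.finditer(source):
        args = m.group(1)
        line = source.count("\n", 0, m.start(1)) + 1
        words = [w for q in QW.finditer(args) for w in q.group(2).split()]
        words += [q.group(2) for q in QUOTED.finditer(QW.sub("", args))]
        for path in words:
            yield line, path


def classify(path):
    """Return the reason a path is risky in @INC, or None if it is not flagged."""
    if "$" in path:
        return None  # computed at run time; left for manual review
    if (path.rstrip("/") + "/").startswith(RISKY_PREFIXES):
        return "hard-coded private or world-writable directory"
    if not path.startswith("/"):
        return "relative path, resolved against the caller's working directory"
    return None


def audit(source):
    """Return [(line, path, reason)] for each flagged use lib path."""
    return [(line, path, why) for line, path in lib_paths(source)
            if (why := classify(path))]


if __name__ == "__main__":
    for line, path, why in audit(SAMPLE):
        print(f"line {line}: {path}: {why}")
```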
From: ppisar [...] redhat.com
On Tue 22 Sep 2015 06:38:50, ppisar wrote:
> Current script/pgmake-db contains on line 5:
>
> use lib qw(/home/agentz/gmake-db/lib /home/agentz/mdom-gmake/lib);
>
This patch does it.
Subject: Makefile-Parser-0.216-Remove-use-lib.patch
From 686607e6722b9a03e30d3d89c2bbec8d70c1c1e7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= <ppisar@redhat.com> Date: Tue, 22 Sep 2015 12:39:30 +0200 Subject: [PATCH] Remove "use lib" MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This could have security implications. CPAN RT#107235 Signed-off-by: Petr Písař <ppisar@redhat.com> --- script/pgmake-db | 1 - 1 file changed, 1 deletion(-) diff --git a/script/pgmake-db b/script/pgmake-db index 215c8de..9025e3a 100755 --- a/script/pgmake-db +++ b/script/pgmake-db @@ -2,7 +2,6 @@ use strict; use warnings; -use lib qw(/home/agentz/gmake-db/lib /home/agentz/mdom-gmake/lib); #use Smart::Comments; use Getopt::Long; -- 2.4.3
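
Review bot: The commit message justifies dropping `use lib qw(/home/agentz/gmake-db/lib /home/agentz/mdom-gmake/lib);` from script/pgmake-db only with "This could have security implications"; it should say concretely that the statement puts two directories under /home/agentz on @INC of an installed script, so whoever controls that home directory decides which modules the script loads, as CPAN RT#107235 describes. The hunk does not show which modules were being found through those two directories, so it is worth confirming before release that everything the script loads afterwards resolves from the distribution's own lib or its declared prerequisites. The commented-out `#use Smart::Comments;` left in the context lines looks like leftover development code and could be removed in a follow-up.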

