This queue is for tickets about the Module-Load-Conditional CPAN distribution.

Report information
The Basics
Id: 31680
Status: resolved
Priority: 0/
Queue: Module-Load-Conditional

People
Owner: Nobody in particular
Requestors: mkanat [...] cpan.org
Cc:
AdminCc:

Bug Information
Severity: Important
Broken in: 0.22
Fixed in: (no value)



Subject: Module::Load::Conditional is not taint-safe with $FIND_VERSION on
Currently, IPC::Cmd can't be easily used under taint mode because Module::Load::Conditional does some taint-unsafe reading of files when $FIND_VERSION is on. Here's a stack trace when running with -t:

Insecure dependency in eval while running with -t switch at /usr/lib/perl5/site_perl/5.8.8/Module/Load/Conditional.pm line 332, <GEN4> line 88.
 at /usr/lib/perl5/site_perl/5.8.8/Module/Load/Conditional.pm line 332
    Module::Load::Conditional::_parse_version() called at /usr/lib/perl5/site_perl/5.8.8/Module/Load/Conditional.pm line 250
    Module::Load::Conditional::check_install() called at /usr/lib/perl5/site_perl/5.8.8/Module/Load/Conditional.pm line 437
    Module::Load::Conditional::can_load() called at /usr/lib/perl5/vendor_perl/5.8.8/IPC/Cmd.pm line 131
    IPC::Cmd::can_use_ipc_open3() called at /usr/lib/perl5/vendor_perl/5.8.8/IPC/Cmd.pm line 149
    IPC::Cmd::can_capture_buffer() called at /usr/lib/perl5/vendor_perl/5.8.8/IPC/Cmd.pm line 340
    IPC::Cmd::run() called at t/300_bzr.t line 70

On Wed Dec 19 00:36:38 2007, MKANAT wrote:
> Currently, IPC::Cmd can't be easily used under taint mode because
> Module::Load::Conditional does some taint-unsafe reading of files when
> $FIND_VERSION is on. Here's a stack trace when running with -t:

Thanks for reporting, a fix for this has been committed and will be released as 0.24 shortly.
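
Added example, not part of the ticket and not the fix committed for 0.24: a standalone Perl script that reproduces the condition in the stack trace (string eval of a line read from a file) and shows one taint-safe alternative, capturing only a literal version number with a regex instead of evaluating the line. The sample file contents and the helper names version_line and literal_version are constructed for illustration. Run it with perl -T, where the taint check is fatal rather than a warning as under -t.

```perl
use strict;
use warnings;
use Scalar::Util qw(tainted);
use File::Temp qw(tempfile);

# Under -t the unsafe eval only warns (as in the ticket); under -T it dies.
die "run as: perl -T <this file>\n" unless ${^TAINT} > 0;

# Constructed sample: stands in for an installed .pm file.
my ($fh, $path) = tempfile(UNLINK => 1);
print {$fh} "package Sample::Mod;\nour \$VERSION = '1.23';\n1;\n";
close $fh or die "close: $!";

# Hypothetical helper: first line of the file that assigns $VERSION.
sub version_line {
    my ($file) = @_;
    open my $in, '<', $file or die "open $file: $!";
    while (my $line = <$in>) {
        return $line if $line =~ /\$VERSION\s*=/;
    }
    return;
}

# Hypothetical helper: accept only a plain numeric or dotted literal.
# The regex capture is what untaints the value; nothing is eval'd.
sub literal_version {
    my ($line) = @_;
    return unless defined $line;
    return $1
        if $line =~ /\$VERSION\s*=\s*['"]?(v?\d+(?:\.\d+)*(?:_\d+)?)['"]?\s*;/;
    return;
}

my $line = version_line($path);
print "line tainted:   ", (tainted($line) ? "yes" : "no"), "\n";

# The pattern from the stack trace: string eval of data read from a file.
my $ran = eval { my $v = eval $line; 1 };
print "eval of line:   ", ($ran ? "ran\n" : "refused: $@");

my $version = literal_version($line) // 'unparsed';
print "parsed version: $version, tainted: ",
    (tainted($version) ? "yes" : "no"), "\n";
```

The literal-only pattern deliberately rejects computed versions (for example a $VERSION built from an expression), which is the trade-off for not evaluating file contents.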

