Skip Menu |
 

This queue is for tickets about the File-Slurp CPAN distribution.

Report information
The Basics
Id: 90090
Status: resolved
Priority: 0/
Queue: File-Slurp

People
Owner: cwhitener [...] gmail.com
Requestors: erp [...] movis.dk
Cc:
AdminCc:

Bug Information
Severity: (no value)
Broken in: (no value)
Fixed in: (no value)



From erp [...] movis.dk Wed Nov 6 09: 27:20 2013
MIME-Version: 1.0
X-Spam-Status: No, score=-4.059 tagged_above=-99.9 required=10 tests=[BAYES_00=-1.9, HTML_IMAGE_ONLY_20=1.546, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, SPF_FAIL=0.001, TVD_FW_GRAPHIC_NAME_LONG=1.293] autolearn=ham
X-Spam-Flag: NO
X-Virus-Checked: Checked
Content-Type: multipart/alternative; boundary="------------070900040709060700050207"
Message-ID: <527A5132.8090504 [...] movis.dk>
X-Virus-Scanned: Debian amavisd-new at bestpractical.com
X-Spam-Score: -4.059
Received: from localhost (localhost [127.0.0.1]) by hipster.bestpractical.com (Postfix) with ESMTP id 49D092406C7 for <cpan-bug+File-Slurp [...] hipster.bestpractical.com>; Wed, 6 Nov 2013 09:27:20 -0500 (EST)
Received: from hipster.bestpractical.com ([127.0.0.1]) by localhost (hipster.bestpractical.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id bKhTobze+ClG for <cpan-bug+File-Slurp [...] hipster.bestpractical.com>; Wed, 6 Nov 2013 09:27:14 -0500 (EST)
Received: from la.mx.develooper.com (x1.develooper.com [207.171.7.70]) by hipster.bestpractical.com (Postfix) with SMTP id A7E5F24024C for <bug-File-Slurp [...] rt.cpan.org>; Wed, 6 Nov 2013 09:27:14 -0500 (EST)
Received: (qmail 29867 invoked by alias); 6 Nov 2013 14:27:14 -0000
Received: from mail.clobix.com (HELO clobix.com) (54.229.118.53) by la.mx.develooper.com (qpsmtpd/0.28) with ESMTP; Wed, 06 Nov 2013 06:27:03 -0800
Received: (qmail 1951 invoked by uid 89); 6 Nov 2013 14:26:19 -0000
Received: from unknown (HELO ?10.0.0.134?) (erp [...] movis.dk [...] ::ffff:83.93.56.101) by 0 with ESMTPA; 6 Nov 2013 14:26:19 -0000
Delivered-To: cpan-bug+File-Slurp [...] hipster.bestpractical.com
Subject: Taint-mode related bug in write_file for edit_file and edit_file_lines
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20131005 Icedove/17.0.9
Return-Path: <erp [...] movis.dk>
X-RT-Mail-Extension: file-slurp
X-Original-To: cpan-bug+File-Slurp [...] hipster.bestpractical.com
X-Spam-Check-BY: la.mx.develooper.com
Date: Wed, 06 Nov 2013 15:24:50 +0100
X-Spam-Level:
To: bug-File-Slurp [...] rt.cpan.org
From: "Emil R. Petersen" <erp [...] movis.dk>
X-RT-Interface: Email
Content-Length: 0
content-type: text/plain; charset="utf-8"; format="flowed"
Content-Transfer-Encoding: 8bit
X-RT-Original-Encoding: iso-8859-1
Content-Length: 1167
Download (untitled) / with headers
text/plain 1.1k
Hello. When using File::Slurp I came across the following bug with using edit_file or edit_file_lines This is the code I was running (Simplified for show-and-tell): my $key = 'ssid'; my $value = '11'; my $config_file = '/etc/hostapd.conf'; taint $config_file; edit_file_lines sub { $_ = "$key=$value" if /$key=/ }, $config_file; This failed with: "edit_file_lines '/etc/hostapd.conf' - write_file: at /usr/sbin/daemon.pl line 275" This error message, as you can see, is not complete descriptive - It shows that something goes wrong with writing, but not exactly what. It turns out that $config_file was tainted (which was not entirely obvious in my code), which caused this error. Presumably, write_file doesn't set $! properly, which hides exactly what is going on. If File::Slurp could set $!/@! properly when trying to write a tainted filehandle, that would simply debugging in the long run. -- Med venlig hilsen/Best regards *Emil R. Petersen* Backend Software Engineer erp@movis.dk ------------------------------------------------------------------------ Nørrebrogade 110A, 1. 2200 København N Denmark www.movis.dk <http://www.movis.dk>
Content-Type: multipart/related; boundary="------------000508040902080202040106"
Content-Length: 0
content-type: text/html; charset="utf-8"
Content-Transfer-Encoding: 7bit
X-RT-Original-Encoding: iso-8859-1
Content-Length: 1794
Content-Type: image/gif; name="gehfbacc.gif"
Content-Disposition: inline; filename="gehfbacc.gif"
Content-Transfer-Encoding: base64
Content-ID: <part1.02040000.09020203 [...] movis.dk>
Content-Length: 1315
Download gehfbacc.gif
image/gif 1.2k
gehfbacc.gif
From erp [...] movis.dk Wed Nov 6 09: 32:23 2013
MIME-Version: 1.0
X-Spam-Status: No, score=-4.286 tagged_above=-99.9 required=10 tests=[AWL=0.227, BAYES_00=-1.9, HTML_IMAGE_ONLY_16=1.092, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, SPF_FAIL=0.001, TVD_FW_GRAPHIC_NAME_LONG=1.293] autolearn=ham
In-Reply-To: <rt-4.0.18-21762-1383748041-1025.90090-3-0 [...] rt.cpan.org>
X-Spam-Flag: NO
X-RT-Interface: API
References: <RT-Ticket-90090 [...] rt.cpan.org> <527A5132.8090504 [...] movis.dk> <rt-4.0.18-21762-1383748041-1025.90090-3-0 [...] rt.cpan.org>
X-Virus-Scanned: Debian amavisd-new at bestpractical.com
Message-ID: <527A526B.2050102 [...] movis.dk>
Content-Type: multipart/alternative; boundary="------------060504040706090003070601"
X-Spam-Score: -4.286
Received: from localhost (localhost [127.0.0.1]) by hipster.bestpractical.com (Postfix) with ESMTP id 94C512406C7 for <cpan-bug+File-Slurp [...] hipster.bestpractical.com>; Wed, 6 Nov 2013 09:32:23 -0500 (EST)
Received: from hipster.bestpractical.com ([127.0.0.1]) by localhost (hipster.bestpractical.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hAs0xzFot5fT for <cpan-bug+File-Slurp [...] hipster.bestpractical.com>; Wed, 6 Nov 2013 09:32:22 -0500 (EST)
Received: from la.mx.develooper.com (x1.develooper.com [207.171.7.70]) by hipster.bestpractical.com (Postfix) with SMTP id 03D7224024C for <bug-File-Slurp [...] rt.cpan.org>; Wed, 6 Nov 2013 09:32:21 -0500 (EST)
Received: (qmail 30350 invoked by alias); 6 Nov 2013 14:32:21 -0000
Received: from mail.clobix.com (HELO clobix.com) (54.229.118.53) by la.mx.develooper.com (qpsmtpd/0.28) with ESMTP; Wed, 06 Nov 2013 06:32:12 -0800
Received: (qmail 1995 invoked by uid 89); 6 Nov 2013 14:31:31 -0000
Received: from unknown (HELO ?10.0.0.134?) (erp [...] movis.dk [...] ::ffff:83.93.56.101) by 0 with ESMTPA; 6 Nov 2013 14:31:31 -0000
Delivered-To: cpan-bug+File-Slurp [...] hipster.bestpractical.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20131005 Icedove/17.0.9
Subject: Re: [rt.cpan.org #90090] AutoReply: Taint-mode related bug in write_file for edit_file and edit_file_lines
Return-Path: <erp [...] movis.dk>
X-Spam-Check-BY: la.mx.develooper.com
X-Original-To: cpan-bug+File-Slurp [...] hipster.bestpractical.com
X-RT-Mail-Extension: file-slurp
Date: Wed, 06 Nov 2013 15:30:03 +0100
X-Spam-Level:
To: bug-File-Slurp [...] rt.cpan.org
From: "Emil R. Petersen" <erp [...] movis.dk>
RT-Message-ID: <rt-4.0.18-27461-1383748344-100.90090-0-0 [...] rt.cpan.org>
Content-Length: 0
content-type: text/plain; charset="utf-8"; format="flowed"
Content-Transfer-Encoding: 8bit
X-RT-Original-Encoding: utf-8
Content-Length: 543
Download (untitled) / with headers
text/plain 543b
Sorry, I left out relevant information: uname -a: Linux imx6qsabresd 3.0.35-1.1.0+yocto+g21304e1 # perl -v: This is perl 5, version 14, subversion 3 (v5.14.3) built for arm-linux-gnueabi For File::Slurp-9999.19 Med venlig hilsen/Best regards *Emil R. Petersen* Backend Software Engineer erp@movis.dk ------------------------------------------------------------------------ Nørrebrogade 110A, 1. 2200 København N Denmark www.movis.dk <http://www.movis.dk> On 06/11/13 15:27, Bugs in File-Slurp via RT wrote: Show quoted text
> [rt.cpan.org #90090]
Content-Type: multipart/related; boundary="------------020000040301070000000606"
Content-Length: 0
content-type: text/html; charset="utf-8"
Content-Transfer-Encoding: 8bit
X-RT-Original-Encoding: utf-8
Content-Length: 1262
Content-Type: image/gif; name="ggidbhbb.gif"
Content-Disposition: inline; filename="ggidbhbb.gif"
Content-Transfer-Encoding: base64
Content-ID: <part1.09010708.04060209 [...] movis.dk>
Content-Length: 1315
Download ggidbhbb.gif
image/gif 1.2k
ggidbhbb.gif
MIME-Version: 1.0
In-Reply-To: <rt-4.0.18-27461-1383748344-100.90090-0-0 [...] rt.cpan.org>
X-Mailer: MIME-tools 5.504 (Entity 5.504)
Content-Disposition: inline
X-RT-Interface: Web
References: <RT-Ticket-90090 [...] rt.cpan.org> <527A5132.8090504 [...] movis.dk> <rt-4.0.18-21762-1383748041-1025.90090-3-0 [...] rt.cpan.org> <527A526B.2050102 [...] movis.dk> <rt-4.0.18-27461-1383748344-100.90090-0-0 [...] rt.cpan.org>
Content-Type: text/plain; charset="utf-8"
Message-ID: <rt-4.0.18-1820-1383760538-116.90090-0-0 [...] rt.cpan.org>
Content-Transfer-Encoding: binary
X-RT-Original-Encoding: utf-8
X-RT-Encrypt: 0
X-RT-Sign: 0
Content-Length: 76
I wonder if you'd see a similar issue with Path::Tiny's slurp* interface?
MIME-Version: 1.0
In-Reply-To: <527A5132.8090504 [...] movis.dk>
X-Mailer: MIME-tools 5.504 (Entity 5.504)
Content-Disposition: inline
X-RT-Interface: Web
References: <527A5132.8090504 [...] movis.dk>
Content-Type: text/plain; charset="utf-8"
Message-ID: <rt-4.0.18-24207-1538704257-514.90090-0-0 [...] rt.cpan.org>
Content-Transfer-Encoding: binary
X-RT-Original-Encoding: utf-8
X-RT-Encrypt: 0
X-RT-Sign: 0
Content-Length: 260
Download (untitled) / with headers
text/plain 260b
Hi Everyone, Not to discount your error, but it seems we've all moved away from Taint mode (or at least, we're trying to). I don't see a problem with our current taint tests but I'd be happy to revisit if you all feel strongly about Taint mode. Thanks, Chase


This service is sponsored and maintained by Best Practical Solutions and runs on Perl.org infrastructure.

Please report any issues with rt.cpan.org to rt-cpan-admin@bestpractical.com.