Skip Menu |
 

This queue is for tickets about the Config-Crontab CPAN distribution.

Report information
The Basics
Id: 83956
Status: resolved
Priority: 0/
Queue: Config-Crontab

People
Owner: scott [...] mailblock.net
Requestors: jordanhiller [...] gmail.com
Cc:
AdminCc:

Bug Information
Severity: (no value)
Broken in: (no value)
Fixed in: (no value)



Subject: Taint mode
Date: Thu, 14 Mar 2013 13:15:35 -0600
To: bug-Config-Crontab [...] rt.cpan.org
From: Jordan Hiller <jordanhiller [...] gmail.com>
Download (untitled) / with headers
text/plain 328b
Hello, In taint mode I have to unset $ENV{PATH}, making the module's calls to `crontab ...` fail. Taint mode makes it necessary to use the full path, for example `/usr/bin/crontab ...` Maybe a config parameter could be provided to set a custom path to the crontab program? Thanks, this module is really useful and well-done.
Download (untitled) / with headers
text/plain 439b
On Thu Mar 14 15:16:05 2013, jhiller wrote: Show quoted text
> In taint mode I have to unset $ENV{PATH}, making the module's calls to > `crontab ...` fail. Taint mode makes it necessary to use the full path, for > example `/usr/bin/crontab ...`
If you set your $ENV{PATH} to "/usr/bin" (or wherever your crontab binary is), will it pass taint checks? The "Cleaning Up Your Path" section of `perldoc perlsec` suggests that will work. Let me know. Scott
Subject: Re: [rt.cpan.org #83956] Taint mode
Date: Sat, 16 Mar 2013 15:26:10 -0600
To: bug-Config-Crontab [...] rt.cpan.org
From: Jordan Hiller <jordanhiller [...] gmail.com>
Download (untitled) / with headers
text/plain 430b
You're right, that does seem to do the trick. Thanks. On 16 March 2013 09:51, Scott Wiersdorf via RT < bug-Config-Crontab@rt.cpan.org> wrote: Show quoted text
If you set your $ENV{PATH} to "/usr/bin" (or wherever your crontab binary Show quoted text
> is), will it pass taint > checks? The "Cleaning Up Your Path" section of `perldoc perlsec` suggests > that will work. Let > me know. > > Scott > >
Ok good to know, and glad you like the module.


This service is sponsored and maintained by Best Practical Solutions and runs on Perl.org infrastructure.

Please report any issues with rt.cpan.org to rt-cpan-admin@bestpractical.com.