Skip Menu |
 

This queue is for tickets about the File-Slurp CPAN distribution.

Report information
The Basics
Id: 90090
Status: open
Priority: 0/
Queue: File-Slurp

People
Owner: Nobody in particular
Requestors: erp [...] movis.dk
Cc:
AdminCc:

Bug Information
Severity: (no value)
Broken in: (no value)
Fixed in: (no value)



Subject: Taint-mode related bug in write_file for edit_file and edit_file_lines
Date: Wed, 06 Nov 2013 15:24:50 +0100
To: bug-File-Slurp [...] rt.cpan.org
From: "Emil R. Petersen" <erp [...] movis.dk>
Download (untitled) / with headers
text/plain 1.1k
Hello. When using File::Slurp I came across the following bug with using edit_file or edit_file_lines This is the code I was running (Simplified for show-and-tell): my $key = 'ssid'; my $value = '11'; my $config_file = '/etc/hostapd.conf'; taint $config_file; edit_file_lines sub { $_ = "$key=$value" if /$key=/ }, $config_file; This failed with: "edit_file_lines '/etc/hostapd.conf' - write_file: at /usr/sbin/daemon.pl line 275" This error message, as you can see, is not complete descriptive - It shows that something goes wrong with writing, but not exactly what. It turns out that $config_file was tainted (which was not entirely obvious in my code), which caused this error. Presumably, write_file doesn't set $! properly, which hides exactly what is going on. If File::Slurp could set $!/@! properly when trying to write a tainted filehandle, that would simply debugging in the long run. -- Med venlig hilsen/Best regards *Emil R. Petersen* Backend Software Engineer erp@movis.dk ------------------------------------------------------------------------ Nørrebrogade 110A, 1. 2200 København N Denmark www.movis.dk <http://www.movis.dk>
Download gehfbacc.gif
image/gif 1.2k
gehfbacc.gif
Subject: Re: [rt.cpan.org #90090] AutoReply: Taint-mode related bug in write_file for edit_file and edit_file_lines
Date: Wed, 06 Nov 2013 15:30:03 +0100
To: bug-File-Slurp [...] rt.cpan.org
From: "Emil R. Petersen" <erp [...] movis.dk>
Download (untitled) / with headers
text/plain 543b
Sorry, I left out relevant information: uname -a: Linux imx6qsabresd 3.0.35-1.1.0+yocto+g21304e1 # perl -v: This is perl 5, version 14, subversion 3 (v5.14.3) built for arm-linux-gnueabi For File::Slurp-9999.19 Med venlig hilsen/Best regards *Emil R. Petersen* Backend Software Engineer erp@movis.dk ------------------------------------------------------------------------ Nørrebrogade 110A, 1. 2200 København N Denmark www.movis.dk <http://www.movis.dk> On 06/11/13 15:27, Bugs in File-Slurp via RT wrote: Show quoted text
> [rt.cpan.org #90090]
Download ggidbhbb.gif
image/gif 1.2k
ggidbhbb.gif
I wonder if you'd see a similar issue with Path::Tiny's slurp* interface?


This service is sponsored and maintained by Best Practical Solutions and runs on Perl.org infrastructure.

Please report any issues with rt.cpan.org to rt-cpan-admin@bestpractical.com.