Skip Menu |
 

This queue is for tickets about the File-Slurp CPAN distribution.

Report information
The Basics
Id: 90090
Status: resolved
Priority: 0/
Queue: File-Slurp

People
Owner: cwhitener [...] gmail.com
Requestors: erp [...] movis.dk
Cc:
AdminCc:

Bug Information
Severity: (no value)
Broken in: (no value)
Fixed in: (no value)



Subject: Taint-mode related bug in write_file for edit_file and edit_file_lines
Date: Wed, 06 Nov 2013 15:24:50 +0100
To: bug-File-Slurp [...] rt.cpan.org
From: "Emil R. Petersen" <erp [...] movis.dk>
Download (untitled) / with headers
text/plain 1.1k
Hello. When using File::Slurp I came across the following bug with using edit_file or edit_file_lines This is the code I was running (Simplified for show-and-tell): my $key = 'ssid'; my $value = '11'; my $config_file = '/etc/hostapd.conf'; taint $config_file; edit_file_lines sub { $_ = "$key=$value" if /$key=/ }, $config_file; This failed with: "edit_file_lines '/etc/hostapd.conf' - write_file: at /usr/sbin/daemon.pl line 275" This error message, as you can see, is not complete descriptive - It shows that something goes wrong with writing, but not exactly what. It turns out that $config_file was tainted (which was not entirely obvious in my code), which caused this error. Presumably, write_file doesn't set $! properly, which hides exactly what is going on. If File::Slurp could set $!/@! properly when trying to write a tainted filehandle, that would simply debugging in the long run. -- Med venlig hilsen/Best regards *Emil R. Petersen* Backend Software Engineer erp@movis.dk ------------------------------------------------------------------------ Nørrebrogade 110A, 1. 2200 København N Denmark www.movis.dk <http://www.movis.dk>
Download gehfbacc.gif
image/gif 1.2k
gehfbacc.gif
Subject: Re: [rt.cpan.org #90090] AutoReply: Taint-mode related bug in write_file for edit_file and edit_file_lines
Date: Wed, 06 Nov 2013 15:30:03 +0100
To: bug-File-Slurp [...] rt.cpan.org
From: "Emil R. Petersen" <erp [...] movis.dk>
Download (untitled) / with headers
text/plain 543b
Sorry, I left out relevant information: uname -a: Linux imx6qsabresd 3.0.35-1.1.0+yocto+g21304e1 # perl -v: This is perl 5, version 14, subversion 3 (v5.14.3) built for arm-linux-gnueabi For File::Slurp-9999.19 Med venlig hilsen/Best regards *Emil R. Petersen* Backend Software Engineer erp@movis.dk ------------------------------------------------------------------------ Nørrebrogade 110A, 1. 2200 København N Denmark www.movis.dk <http://www.movis.dk> On 06/11/13 15:27, Bugs in File-Slurp via RT wrote: Show quoted text
> [rt.cpan.org #90090]
Download ggidbhbb.gif
image/gif 1.2k
ggidbhbb.gif
I wonder if you'd see a similar issue with Path::Tiny's slurp* interface?
Download (untitled) / with headers
text/plain 260b
Hi Everyone, Not to discount your error, but it seems we've all moved away from Taint mode (or at least, we're trying to). I don't see a problem with our current taint tests but I'd be happy to revisit if you all feel strongly about Taint mode. Thanks, Chase


This service is sponsored and maintained by Best Practical Solutions and runs on Perl.org infrastructure.

Please report any issues with rt.cpan.org to rt-cpan-admin@bestpractical.com.