httpd-test-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Gary Benson <gben...@redhat.com>
Subject Re: cvs commit: httpd-test/perl-framework/Apache-Test/lib/Apache TestConfig.pm TestConfigParse.pm
Date Thu, 06 Sep 2001 11:33:43 GMT

On 6 Sep 2001 stas@apache.org wrote:

> stas        01/09/05 19:36:44
>
>   Modified:    perl-framework/Apache-Test/lib/Apache TestConfig.pm
>                         TestConfigParse.pm
>   Log:
>   - enable taint mode in tests via PerlSwitches -T
>   - untaint $ENV{PATH} before using open "-|"

[snip]

>   diff -u -r1.7 -r1.8
>   --- TestConfigParse.pm	2001/08/20 15:20:50	1.7
>   +++ TestConfigParse.pm	2001/09/06 02:36:44	1.8
>   @@ -220,6 +220,8 @@
>
>        my $version;
>        my $cmd = "$httpd -v";
>   +    # untaint
>   +    $ENV{PATH} = '/bin:/usr/bin';
>        open my $v, '-|', $cmd or die "$cmd failed: $!";
>
>        local $_;

This breaks on mine even though $httpd is an absolute path at this point.
I'm not familiar enough with Perl to know why this should be, but is there
a better way (like $ENV{PATH} = '/bin:/usr/bin' unless $httpd =~ m:^/:;).
Would that successfully untaint it?

I can't tell, since mine doesn't complain about it being tainted at this
point and I can't figure out a way to make it do so. Why do you need to
untaint here anyway? Is this something from mod_perl? I'm confused!

Gary

[ Gary Benson, Red Hat Europe ][ gbenson@redhat.com ][ GnuPG 60E8793A ]


Mime
View raw message