Mailing-List: contact cygwin-help AT sourceware DOT cygnus DOT com; run by ezmlm Sender: cygwin-owner AT sourceware DOT cygnus DOT com Delivered-To: mailing list cygwin AT sourceware DOT cygnus DOT com Message-ID: <71E287AB0D94D111BBD600600849EC8185EDD3@POST> From: "Fifer, Eric" To: cygwin AT sourceware DOT cygnus DOT com Subject: RE: [ANN] Dynamically linked perl5.005_03 binary & patches Date: Fri, 28 May 1999 08:10:44 +0100 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2232.9) Content-Type: text/plain; charset="iso-8859-1" >> t/examp.............Insecure $ENV{PATH} while running with -T switch at /usr/local/lib/perl5/5.00503/Cwd.pm line 82. >> dubious >> Test returned status 255 (wstat 65280, 0xff00) >> DIED. FAILED tests 30-186 >> Failed 157/186 tests, 15.59% okay >> > > >This *may* be related to the patches applied to miniperlmain.c, mg.c, and util.c that were put there work around an environment handling problem >in Cygwin. That's just based on the ${ENV} comment. Looking at the >code, it doesn't seem to apply: > >sub _backtick_pwd { > my $cwd; > chop($cwd = `pwd`); <<<< line 82 > $cwd; >} The message means what it says, t/examp.t turns on taint checking (-T) and $ENV{PATH} has not been set to anything secure, so it is still tainted when it goes to run `pwd`. See perlsec.pod for details. When I remove the -T switch from t/examp.t I get: t/examp.............FAILED tests 181-186 Failed 6/186 tests, 96.77% okay It looks like Cwd.pm needs some work if you want to run with taint checking on. Eric Fifer -- Want to unsubscribe from this list? Send a message to cygwin-unsubscribe AT sourceware DOT cygnus DOT com