From: Tim Jenness [mailto:[EMAIL PROTECTED]]
> On Wed, 21 Feb 2001 [EMAIL PROTECTED] wrote:
>
> > On Wed, Feb 21, 2001 at 07:42:17AM -1000, Tim Jenness wrote:
> > > > File::Temp::_gettemp: Parent directory (/tmp/) is
> not safe (sticky bit not set when world writable?) at
> lib/ftmp-security.t line 100
> >
> > The reason that warning is leaking through is _gettemp() is very
> > noisy, warning alot. tmpfile() does not catch these warnings and
> > issue them as part if its die message.
>
> Yes. I was just looking fixing this.
>
> >
> > _gettemp() should be rearchitected to have a side-channel for
> > reporting the reason for a failure back to its caller rather than just
> > warning directly. Then the caller (ie. tempfile()) can incorporate
> > the reason into its own error message.
>
> That's one option yes.
>
> >
> > For the moment, the test can be shut up by adding a C<local
> > $SIG{__WARN__} = sub {}> to the eval block.
> >
> > There's also a fundemental problem with lib/ftmp-security.t. We have
> > no way of knowing if a test failed because File::Temp has failed or
> > because the admin has a peculiar way of setting up /tmp! In the
> > latter case, File::Temp is working perfectly, but the test will fail.
> > This is wrong.
> >
> > This can be solved by using t/tmp instead of File::Spec->tmpdir.
> > t/lib/ftmp-security.t can create t/tmp and chmod it the way it likes,
> > then run tempfile() with it as the DIR. At the end, it can delete it.
> >
>
> Only partly. We've thought of this before but HIGH security involves
> testing all the parent directories not just the one containing the
> directory itself. t/tmp will not fix the problem if the parent dir is
> "unsafe".
>
> I will change the test so that it prints the skip message and hides the
> warnings [Simply unsetting SIG{__WARN__} in ftmp-security.t fixes it but
> I'm toyinh with the idea of breaking compatibility with 5.005 and using
> 'warnings.pm'
Will File::Temp have a parallel existence on CPAN? If not, there shouldn't
be any problem with moving over to the warnings pragma.
If it is still going to live on CPAN, you could do what I've done in DB_File
& Compress::ZLib. When Makefile.PL is run it checks whether the warnings
pragma is available. If it is I do a global search & replace on all files in
the module changing all uses of $^W to the equivalent "use warnings"
setting. If "warnings" isn't available it does the opposite search &
replace.
Paul
_________________________________________________________
Do You Yahoo!?
Get your free @yahoo.com address at http://mail.yahoo.com
