> -----Original Message-----
> From: Marvin Humphrey [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, July 06, 2005 7:22 PM
> To: inline@perl.org
> Subject: Insecure dependency error in Taint mode
>
> Greets,
>
> I've got a whole bunch of stuff in Kinosearch rewritten in
> Inline C, and it's going great! But there's a snag. When I
> run my cgi script with -T to enable taint mode, Apache
> bombs out with an internal server error:
>
> [Wed Jul 06 17:20:37 2005] [error] [client 24.21.47.23]
> Insecure dependency in require while running with -T switch
> at blib/lib/ Inline.pm (autosplit into
> blib/lib/auto/Inline/find_temp_dir.al) line 1247.

Looking at find_temp_dir.al, it's easy to see why it blows up: the single-argument form of abs_path() is not taint-safe (in the sense that it will blow up) because it uses the value of the current working directory, which is considered external information.

That bug should get fixed - personally I'd like to see it not try so hard to find a temp directory; just try the current directory, and if that fails try File::Spec->tmpdir(), and if that fails throw an exception.

-Ken
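
The fallback order suggested in the reply above, sketched as an added example. This is not Inline's find_temp_dir and not code from either poster; the sub name and the writability test are assumptions made for illustration.

```perl
# Added illustration; run as: perl -T find_temp_dir.pl
use strict;
use warnings;
use File::Spec;
use Scalar::Util qw(tainted);

# Hypothetical helper: pick a temp directory without ever resolving the
# absolute path of the current working directory.
sub find_temp_dir {
    my @candidates = (
        # 1. The current directory, addressed by the constant that
        #    File::Spec->curdir returns ('.' on Unix), not by its full path.
        File::Spec->curdir,
        # 2. File::Spec->tmpdir(); on Unix it ignores $ENV{TMPDIR} when
        #    taint mode is on, as documented in File::Spec.
        File::Spec->tmpdir,
    );

    for my $dir (@candidates) {
        next unless defined $dir && length $dir;
        next if tainted($dir);           # never pass tainted data onward
        next unless -d $dir && -w _;     # must exist and be writable
        return $dir;
    }

    # 3. Nothing usable: fail loudly instead of searching further.
    die "find_temp_dir: no writable, untainted directory available\n";
}

my $dir = find_temp_dir();
printf "taint mode: %s\n", ${^TAINT} ? 'on' : 'off';
printf "temp dir:   %s\n", $dir;
```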