Rob,
On Mon, Jun 29, 2009 at 7:11 PM, Sisyphus<sisyph...@optusnet.com.au> wrote:
> Hi,
>
> There's a bug report about this at
> http://rt.cpan.org/Ticket/Display.html?id=13084
>
> It would be nice to come up with a fix, but I'm not 100% sure of what the
> correct behaviour should be. (I've not personally used -T at all, and
> probably never will.)
Personally I have never really used UNTAINT/SAFEMODE either (and -T
very rarely). I have a few general/philisophical questions though:
- Do other modules have these kinds of features/modes?
- Is it a "norm" for module authors to test with -T and make sure
everything is safe?
- Also, is blindly untainting everything really the way to do it?
> I gather that the following script should work:
>
> ### script1 ###
> #!/usr/bin/perl -T
>
> use Inline Config =>
> UNTAINT => 1,
> SAFEMODE => 0;
>
> use Inline C => <<'EOC';
>
> void greet() {
> printf("Hello World\n");
> }
>
> EOC
>
> greet();
> ##################
>
> And that the same script should also work if I replace the "SAFEMODE =>0;"
> with "DIRECTORY => 'custom/location';"
>
> Is that about it ?
> Does anyone have an example of a simple Inline::C script that has UNTAINT
> turned on and SAFEMODE turned off, but that should still fail with the
> "Insecure dependency" error ?
>
> Also some pointers to the sorts of things that SAFEMODE should detect might
> be handy - though I guess I can probably uncover that for myself in the
> Inline source. (One thing it apparently does is force the use of the
> DIRECTORY option.)
A quick check in the code shows that this seems to be the only thing it does...
Patrick
>
> I also intend to deal with:
>
> http://rt.cpan.org/Ticket/Display.html?id=5207 (Can't specify INC, LIBS,
> TYPEMAPS, MYEXTLIB using relative paths.)
>
> http://rt.cpan.org/Ticket/Display.html?id=45417 (Broken Inline::C-Cookbook
> weblink.)
>
> http://rt.cpan.org/Ticket/Display.html?id=40140 (Recognise "ccache cc" as C
> compiler.)
>
> http://rt.cpan.org/Ticket/Display.html?id=16801 ($_ is not localized.)
>
> Comments welcome.
>
> Cheers,
> Rob
>
>
>
--
=====================
Patrick LeBoutillier
Rosemère, Québec, Canada
