Michael G Schwern wrote:
> On Sun, Apr 28, 2002 at 12:46:01PM +1000, Ken Williams wrote:
>
>>[Sun Apr 28 12:36:05 2002] [error] Insecure $ENV{PATH} while running
>>with -T switch at /System/Library/Perl/Cwd.pm line 92.
>>BEGIN failed--compilation aborted at /Library/Perl/ExtUtils/testlib.pm
>>line 6.
>>Compilation failed in require at
>>/Users/ken/Downloads/perl/mod_perl-1.26/t//docs/startup.pl line 9.
>>BEGIN failed--compilation aborted at
>>/Users/ken/Downloads/perl/mod_perl-1.26/t//docs/startup.pl line 9.
>>Compilation failed in require at (eval 1) line 1.
>
>
> ExtUtils::testlib calls File::Spec->rel2abs() which is not taint clean in
> 5.6.1. It is in bleadperl. Dunno what to do about that.
The patch at the bottom should be applied to 5.6.2 (Should this be sent
to Sarathy?).
The workaround is to overload (re-alias) Cwd::_backtick_pwd with a fixed
version where you need it in MM, by forcing 'require Cwd' if it wasn't
loaded yet before doing the re-alias. Remember to shutdown warnings, or
even better undef the *Cwd::_backtick_pwd{CODE} symbol if Cwd is in %INC
already.
--- /tmp/Cwd.pm Sun Apr 28 11:44:38 2002
+++ /home/stas/perl.org/perl-5.6.1/lib/Cwd.pm Fri Sep 14 17:09:10 2001
@@ -89,7 +89,6 @@
# The 'natural and safe form' for UNIX (pwd may be setuid root)
sub _backtick_pwd {
+ local @ENV{qw(PATH IFS CDPATH ENV BASH_ENV)};
my $cwd = `pwd`;
# `pwd` may fail e.g. if the disk is full
chomp($cwd) if defined $cwd;
__________________________________________________________________
Stas Bekman JAm_pH ------> Just Another mod_perl Hacker
http://stason.org/ mod_perl Guide ---> http://perl.apache.org
mailto:[EMAIL PROTECTED] http://use.perl.org http://apacheweek.com
http://modperlbook.org http://apache.org http://ticketmaster.com
