On Tue, Jul 05, 2005 at 02:42:59AM +0100, Dave Mitchell wrote:
> On Mon, Jul 04, 2005 at 11:16:21PM +0100, Nicholas Clark wrote:
> > This breaks t/spamd_hup.t in Mail-Spamassassin.
>
> I've reduced it to the following. Looks like some sort of problem
> localizing hash slices. Will look into it further tomorrow sometime.
>
> use Scalar::Util qw(tainted);
>
> warn sprintf "start tainted=%d\n", tainted($ENV{PATH});
> $ENV{PATH} = '/bin';
> warn sprintf "set tainted=%d\n", tainted($ENV{PATH});
> my $c = do {
> local @ENV{qw(PATH IFS)};
> my $cwd = ``;
> $cwd;
> };
> warn sprintf "CWD tainted=%d\n", tainted($ENV{PATH});
Looks like you don't even need the hash slice - localising an element has the
same effect:
use Scalar::Util qw(tainted);
warn sprintf "start tainted=%d\n", tainted($ENV{PATH});
$ENV{PATH} = '/bin';
warn sprintf "set tainted=%d\n", tainted($ENV{PATH});
my $c = do {
local $ENV{PATH};
my $cwd = ``;
$cwd;
};
warn sprintf "CWD tainted=%d\n", tainted($ENV{PATH});
start tainted=1
set tainted=0
CWD tainted=1
Nicholas Clark
