Tainting DCL$PATH has no effect on Perl on VMS.
That logical name is not currently used internal to Perl so it never
gets checked to see if it is tainted.
So even when the /tmp directory exists and is world writable, these
tests will not pass.
-John
[EMAIL PROTECTED]
Personal Opinion Only
--- /rsync_root/perl/t/op/taint.t Wed Dec 3 03:23:35 2008
+++ t/op/taint.t Tue Dec 9 22:21:54 2008
@@ -219,8 +219,13 @@
test eval { `$echo 1` } eq '';
test $@ =~ /^Insecure \$ENV{DCL\$PATH}/, $@;
SKIP: {
- skip q[can't find world-writeable directory to test DCL$PATH], 2
- unless $tmp;
+ # DCL$PATH is not used by PERL to launch programs and is not
+ # specifically checked, so tainting it is not going to be
+ # noticed. So for now, this test is not valid.
+
+ skip q[TODO DCL$PATH tainting is not checked by perl], 2;
+# skip q[can't find world-writeable directory to test DCL$PATH], 2
+# unless $tmp;
$ENV{'DCL$PATH'} = $tmp;
test eval { `$echo 1` } eq '';
