From @jkeenan

Created by jkeenan@zareason.(none)

Today I went to build and test blead at commit
295d6d0. I got a test failure in
t/run/runenv.t -- a test failure which I had not observed building blead
yesterday.

#####
cd t; ./perl harness -v run/runenv.t; cd -
...
ok 61 - No errors when determining @​INC
not ok 62 - . is not in @​INC
# Failed test 62 - . is not in @​INC at ./run/runenv.t line 301
#####

The test itself is not new; it was committed in January of this year.

Some IRC #p5p dialogue​:

#####
(11​:02​:38 AM) kid51​: Hmm, maybe the test failure was due to having
PERL_USE_UNSAFE_INC=1 in that terminal, which has been open since
yesterday
(11​:02​:55 AM) kid51​: Yes, that was the problem
(11​:04​:45 AM) ilmari​: we don't actually have any tests for that env var
(11​:07​:35 AM) kid51​: Yeah ... but shouldn't we know whether that ENV var
(or any other ENV var) has been set before running *any* tests?
(11​:09​:02 AM) ilmari​: ah, t/TEST clears a bunch of vars already, it
could be added there
(11​:09​:48 AM) kid51​: In fact, going forward, shouldn't the presence of
both PERL_USE_UNSAFE_INC=1 and $Config{default_inc_excludes_dot} be
detected by Configure and flagged as an error?
(11​:11​:09 AM) ilmari​: but this test specifically should clear it too (it
already clears PERL5LIB and others)
(11​:11​:33 AM) ilmari​: I don't see why
(11​:11​:41 AM) ilmari​: PERL_USE_UNSAFE_INC doesn't affect the build
(11​:11​:54 AM) ilmari​: but the tests should handle it being set
#####

Attached is a patch to address the immediate problem. Please review.
Better approaches welcome.

Thank you very much.
Jim Keenan

Flags:
     category=core
     severity=medium

Site configuration information for perl 5.25.11:

Configured by jkeenan at Mon Mar 21 11:00:00 EST 2017.

Summary of my perl5 (revision 5 version 25 subversion 11) configuration:
   Derived from: 295d6d042a7c8bac9b1d5d201a473c7723b50d3f
   Platform:
     osname=linux
     osvers=4.4.0-67-generic
     archname=x86_64-linux
     uname='linux zareason 4.4.0-67-generic #88-ubuntu smp wed mar 8 
16:34:45 utc 2017 x86_64 x86_64 x86_64 gnulinux '
     config_args='-des -Dusedevel'
     hint=recommended
     useposix=true
     d_sigaction=define
     useithreads=undef
     usemultiplicity=undef
     use64bitint=define
     use64bitall=define
     uselongdouble=undef
     usemymalloc=n
     default_inc_excludes_dot=define
     bincompat5005=undef
   Compiler:
     cc='cc'
     ccflags ='-fwrapv -fno-strict-aliasing -pipe 
-fstack-protector-strong -I/usr/local/include -D_LARGEFILE_SOURCE 
-D_FILE_OFFSET_BITS=64'
     optimize='-O2'
     cppflags='-fwrapv -fno-strict-aliasing -pipe 
-fstack-protector-strong -I/usr/local/include'
     ccversion=''
     gccversion='5.4.0 20160609'
     gccosandvers=''
     intsize=4
     longsize=8
     ptrsize=8
     doublesize=8
     byteorder=12345678
     doublekind=3
     d_longlong=define
     longlongsize=8
     d_longdbl=define
     longdblsize=16
     longdblkind=3
     ivtype='long'
     ivsize=8
     nvtype='double'
     nvsize=8
     Off_t='off_t'
     lseeksize=8
     alignbytes=8
     prototype=define
   Linker and Libraries:
     ld='cc'
     ldflags =' -fstack-protector-strong -L/usr/local/lib'
     libpth=/usr/local/lib /usr/lib/gcc/x86_64-linux-gnu/5/include-fixed 
/usr/include/x86_64-linux-gnu /usr/lib /lib/x86_64-linux-gnu /lib/../lib 
/usr/lib/x86_64-linux-gnu /usr/lib/../lib /lib /lib64 /usr/lib64
     libs=-lpthread -lnsl -ldb -ldl -lm -lcrypt -lutil -lc
     perllibs=-lpthread -lnsl -ldl -lm -lcrypt -lutil -lc
     libc=libc-2.23.so
     so=so
     useshrplib=false
     libperl=libperl.a
     gnulibc_version='2.23'
   Dynamic Linking:
     dlsrc=dl_dlopen.xs
     dlext=so
     d_dlsymun=undef
     ccdlflags='-Wl,-E'
     cccdlflags='-fPIC'
     lddlflags='-shared -O2 -L/usr/local/lib -fstack-protector-strong'


Characteristics of this binary (from libperl):
   Compile-time options:
     HAS_TIMES
     PERLIO_LAYERS
     PERL_COPY_ON_WRITE
     PERL_DONT_CREATE_GVSV
     PERL_MALLOC_WRAP
     PERL_OP_PARENT
     PERL_PRESERVE_IVUV
     PERL_USE_DEVEL
     USE_64_BIT_ALL
     USE_64_BIT_INT
     USE_LARGE_FILES
     USE_LOCALE
     USE_LOCALE_COLLATE
     USE_LOCALE_CTYPE
     USE_LOCALE_NUMERIC
     USE_LOCALE_TIME
     USE_PERLIO
     USE_PERL_ATOF
   Locally applied patches:
     uncommitted-changes
   Built under linux
   Compiled at Mar 21 2017 11:18:34
   %ENV:
     PERLBREW_BASHRC_VERSION="0.78"
     PERLBREW_HOME="/home/jkeenan/.perlbrew"
     PERLBREW_MANPATH="/home/jkeenan/perl5/perlbrew/perls/perl-5.24.1/man"
 
PERLBREW_PATH="/home/jkeenan/perl5/perlbrew/bin:/home/jkeenan/perl5/perlbrew/perls/perl-5.24.1/bin"
     PERLBREW_PERL="perl-5.24.1"
     PERLBREW_ROOT="/home/jkeenan/perl5/perlbrew"
     PERLBREW_VERSION="0.78"
     PERL_WORKDIR="/home/jkeenan/gitwork/perl"
   @INC:
     lib
     /usr/local/lib/perl5/site_perl/5.25.11/x86_64-linux
     /usr/local/lib/perl5/site_perl/5.25.11
     /usr/local/lib/perl5/5.25.11/x86_64-linux
     /usr/local/lib/perl5/5.25.11

From @jkeenan

diff --git a/t/run/runenv.t b/t/run/runenv.t
index 611e012..6538304 100644
--- a/t/run/runenv.t
+++ b/t/run/runenv.t
@@ -298,11 +298,15 @@ is ($err, '', 'No errors when determining @INC');
 
 my @default_inc = split /\n/, $out;
 
-if ($Config{default_inc_excludes_dot}) {
-    ok !(grep { $_ eq '.' } @default_inc), '. is not in @INC';
-}
-else {
-    is ($default_inc[-1], '.', '. is last in @INC');
+SKIP:
+{
+    skip "PERL_USE_UNSAFE_INC is set, contradicting \$Config{default_inc_excludes_dot", 1;
+    if ($Config{default_inc_excludes_dot}) {
+        ok !(grep { $_ eq '.' } @default_inc), '. is not in @INC';
+    }
+    else {
+        is ($default_inc[-1], '.', '. is last in @INC');
+    }
 }
 
 my $sep = $Config{path_sep};

From @jkeenan

On Tue, 21 Mar 2017 16​:47​:37 GMT, jkeen@​verizon.net wrote​:

This is a bug report for perl from jkeenan@​zareason.(none),
generated with the help of perlbug 1.40 running under perl 5.24.1.

-----------------------------------------------------------------
[Please describe your issue here]

Today I went to build and test blead at commit
295d6d0. I got a test failure in
t/run/runenv.t -- a test failure which I had not observed building
blead
yesterday.

#####
cd t; ./perl harness -v run/runenv.t; cd -
...
ok 61 - No errors when determining @​INC
not ok 62 - . is not in @​INC
# Failed test 62 - . is not in @​INC at ./run/runenv.t line 301
#####

The test itself is not new; it was committed in January of this year.

Some IRC #p5p dialogue​:

#####
(11​:02​:38 AM) kid51​: Hmm, maybe the test failure was due to having
PERL_USE_UNSAFE_INC=1 in that terminal, which has been open since
yesterday
(11​:02​:55 AM) kid51​: Yes, that was the problem
(11​:04​:45 AM) ilmari​: we don't actually have any tests for that env
var
(11​:07​:35 AM) kid51​: Yeah ... but shouldn't we know whether that ENV
var
(or any other ENV var) has been set before running *any* tests?
(11​:09​:02 AM) ilmari​: ah, t/TEST clears a bunch of vars already, it
could be added there
(11​:09​:48 AM) kid51​: In fact, going forward, shouldn't the presence of
both PERL_USE_UNSAFE_INC=1 and $Config{default_inc_excludes_dot} be
detected by Configure and flagged as an error?
(11​:11​:09 AM) ilmari​: but this test specifically should clear it too
(it
already clears PERL5LIB and others)
(11​:11​:33 AM) ilmari​: I don't see why
(11​:11​:41 AM) ilmari​: PERL_USE_UNSAFE_INC doesn't affect the build
(11​:11​:54 AM) ilmari​: but the tests should handle it being set
#####

Attached is a patch to address the immediate problem. Please review.
Better approaches welcome.

Thank you very much.
Jim Keenan

Other (probably better) solution available in this branch​:

smoke-me/ilmari/unsafe-inc-env

--
James E Keenan (jkeenan@​cpan.org)

The RT System itself - Status changed from 'new' to 'open'

From @xsawyerx

On 03/21/2017 06​:14 PM, James E Keenan via RT wrote​:

On Tue, 21 Mar 2017 16​:47​:37 GMT, jkeen@​verizon.net wrote​:

This is a bug report for perl from jkeenan@​zareason.(none),
generated with the help of perlbug 1.40 running under perl 5.24.1.

-----------------------------------------------------------------
[Please describe your issue here]

Today I went to build and test blead at commit
295d6d0. I got a test failure in
t/run/runenv.t -- a test failure which I had not observed building
blead
yesterday.

#####
cd t; ./perl harness -v run/runenv.t; cd -
...
ok 61 - No errors when determining @​INC
not ok 62 - . is not in @​INC
# Failed test 62 - . is not in @​INC at ./run/runenv.t line 301
#####

The test itself is not new; it was committed in January of this year.

Some IRC #p5p dialogue​:

#####
(11​:02​:38 AM) kid51​: Hmm, maybe the test failure was due to having
PERL_USE_UNSAFE_INC=1 in that terminal, which has been open since
yesterday
(11​:02​:55 AM) kid51​: Yes, that was the problem
(11​:04​:45 AM) ilmari​: we don't actually have any tests for that env
var
(11​:07​:35 AM) kid51​: Yeah ... but shouldn't we know whether that ENV
var
(or any other ENV var) has been set before running *any* tests?
(11​:09​:02 AM) ilmari​: ah, t/TEST clears a bunch of vars already, it
could be added there
(11​:09​:48 AM) kid51​: In fact, going forward, shouldn't the presence of
both PERL_USE_UNSAFE_INC=1 and $Config{default_inc_excludes_dot} be
detected by Configure and flagged as an error?
(11​:11​:09 AM) ilmari​: but this test specifically should clear it too
(it
already clears PERL5LIB and others)
(11​:11​:33 AM) ilmari​: I don't see why
(11​:11​:41 AM) ilmari​: PERL_USE_UNSAFE_INC doesn't affect the build
(11​:11​:54 AM) ilmari​: but the tests should handle it being set
#####

Attached is a patch to address the immediate problem. Please review.
Better approaches welcome.

Thank you very much.
Jim Keenan

Other (probably better) solution available in this branch​:

smoke-me/ilmari/unsafe-inc-env

+1 to that.

From @ilmari

Sawyer X <xsawyerx@​gmail.com> writes​:

On 03/21/2017 06​:14 PM, James E Keenan via RT wrote​:

Other (probably better) solution available in this branch​:

smoke-me/ilmari/unsafe-inc-env

+1 to that.

Merged (with some tweaks), so this ticket can be closed.

- ilmari

--
"The surreality of the universe tends towards a maximum" -- Skud's Law
"Never formulate a law or axiom that you're not prepared to live with
the consequences of." -- Skud's Meta-Law

@iabyn - Status changed from 'open' to 'resolved'