New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
rename wrongly considered insecure in an elsif clause #12415
Comments
From @mhaschThis is a bug report for perl from mhasch@cpan.org, Perl seems to consider "rename" to be an insecure operation in A test for this is attached below. I thank Bram on #p5p for -Martin Flags: Site configuration information for perl 5.16.1: Configured by ***** at Fri Aug 10 10:33:58 CEST 2012. Summary of my perl5 (revision 5 version 16 subversion 1) configuration: Locally applied patches: @INC for perl 5.16.1: Environment for perl 5.16.1: |
From @mhasch#!/usr/bin/perl -T use strict; my $target_filename = 'elsif_rename_target.txt'; open my $fh, '>', $source_filename plan tests => 1; my $r = eval { unlink $target_filename, $source_filename; __END__ |
From @jkeenanOn Fri Sep 14 10:24:05 2012, mhasch@cpan.org wrote:
The "insecure dependency" message refers one to 'perlsec'. I believe ##### ... and renaming a file does not appear in that list of exceptions. My Thank you very much. |
The RT System itself - Status changed from 'new' to 'open' |
From p5p@spam.wizbit.beOn Sun May 26 17:15:32 2013, jkeenan wrote:
This is not the case.. If you change the 'elsif' to an 'if' then the test case passes. Also note that the message is not specifc to rename. There are two ways to make the test case work: The problem here is that the taint mode of the if-block is leaking into
To me this behaviour does not appear to be 'works as designed' but Best regards, Bram |
Migrated from rt.perl.org#114908 (status was 'open')
Searchable as RT114908$
The text was updated successfully, but these errors were encountered: