New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Bleadperl v5.27.4-48-g0cbfaef69b breaks ZEFRAM/Module-Runtime-0.015.tar.gz #16187
Comments
From @andkbisect commit 0cbfaef pp_require: return earlier when module is already loaded diagnostics http://www.cpantesters.org/cpan/report/992841a8-a9f3-11e7-bbbb-db5a96210b79 perl -V Summary of my perl5 (revision 5 version 27 subversion 5) configuration: Characteristics of this binary (from libperl): -- |
From zefram@fysh.orgThe test failures are concerned with tainting. The tests are checking Until now that was the case, and the attempt to reload with a tainted The question here is whether requiring a module is an insecure action, for -zefram |
The RT System itself - Status changed from 'new' to 'open' |
From @iabynOn Sat, Oct 07, 2017 at 08:57:37AM +0100, Zefram wrote:
It's a bit of a stretch, but if - due to a code flaw - an attacker can For example, instead of loading, "Foo::Audit", it could instead force the -- |
From @xsawyerxOn 10/07/2017 06:10 PM, Dave Mitchell wrote:
I have a few questions and apologies if they all seem uninformed. * Does it seem reasonable to audit the code to verify (to some guarantee |
From zefram@fysh.orgSince there's been no move to revert the require tainting change for -zefram |
From @jkeenanOn Tue, 17 Oct 2017 21:45:29 GMT, zefram@fysh.org wrote:
It installs on blead. Resolving ticket. -- |
@jkeenan - Status changed from 'open' to 'pending release' |
From @khwilliamsonThank you for filing this report. You have helped make Perl better. With the release yesterday of Perl 5.28.0, this and 185 other issues have been Perl 5.28.0 may be downloaded via: If you find that the problem persists, feel free to reopen this ticket. |
@khwilliamson - Status changed from 'pending release' to 'resolved' |
Migrated from rt.perl.org#132235 (status was 'resolved')
Searchable as RT132235$
The text was updated successfully, but these errors were encountered: