Taint problem calling Archive::Zip?

John Wilcock john at tradoc.fr
Tue Nov 16 12:03:55 GMT 2010


On 16/11/2010 09:09, John Wilcock wrote:
> On 16/11/2010 01:44, Jeff Mills wrote:
>>> Insecure dependency in chmod while running with -T switch at
>>> /usr/lib64/perl5/vendor_perl/5.12.2/Archive/Zip/Member.pm line 490
>>
>> I have the same issue at one site. I ended up setting the archive
>> depth to zero as a workaround, but I did stumble upon a patch to the
>> perl module somewhere that I didn't have time to look at.
>
> Could this <https://rt.cpan.org/Public/Bug/Display.html?id=61930> be it?
> It certainly looks to fit the symptoms. I'll give the patch a try and
> report back...

Tests confirm, for anyone else who might be suffering from this taint 
issue, that the patch in the CPAN bug does indeed fix the problem.

Note that the patch isn't included in the 1.31_01 developer release of 
Archive::Zip.

John.

-- 
-- Over 4000 webcams from ski resorts around the world - www.snoweye.com
-- Translate your technical documents and web pages    - www.tradoc.fr

