Package: perl-base
Version: 5.8.8-7
Severity: important

After upgrading from sarge to etch, IO::File::open may fail taint checks when given a relative pathname, even if the supplied value is not tainted.
For example, in the attached script, the first open succeeds but the second fails:

Insecure dependency in open while running with -T switch at /usr/lib/perl/5.8/IO/File.pm line 70.
 at ./taint-open.pm line 4
	main::__ANON__('Insecure dependency in open while running with -T switch at /...') called at /usr/lib/perl/5.8/IO/File.pm line 70
	IO::File::open('IO::File=GLOB(0x82017a0)', 'foo', 'w') called at ./taint-open.pm line 15

The problem appears to stem from an internal call to Cwd::cwd, whose result is tainted. I'm not sure what changed between sarge and etch to affect this, but it seems to me IO::File::open could be cleaned up to avoid needing to convert relative paths to absolute by using the 3-arg form of open().

-- System Information:
Debian Release: 4.0
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: i386 (i686)
Kernel: Linux 2.6.18-4-686 (SMP w/1 CPU core)
Locale: LANG=C, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages perl-base depends on:
ii  libc6  2.3.6.ds1-13  GNU C Library: Shared libraries

perl-base recommends no packages.

-- no debconf information
Attachment: taint-open.pm (Perl program)
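As an added illustration of the approach the report suggests (this is not the attached taint-open.pm, whose contents are not reproduced here): a taint-mode script that validates a relative filename against an allowlist, untaints it by regex capture, and hands it straight to the 3-arg form of open(), so no Cwd::cwd result is ever involved. Run it as `perl -T taint-safe-open.pl [filename]`; the script name, the helper names and the default filename 'foo' are assumptions.

```perl
#!/usr/bin/perl -T
# Added example, not the attached taint-open.pm: validate and untaint a
# relative filename, then open it with 3-arg open() directly, so only the
# validated value (and a fixed mode) reaches open(); no Cwd call is made.
use strict;
use warnings;
use Scalar::Util qw(tainted);

# Allowlist for a plain relative filename: no directory separators, no
# leading dot, ASCII word characters plus '.' and '-' only, at most 255 chars.
sub untaint_relative_filename {
    my ($name) = @_;
    # Capturing from a regex match is the sanctioned way to untaint in Perl;
    # the pattern, not the input, decides what is accepted.
    if ($name =~ /\A([A-Za-z0-9_][A-Za-z0-9_.-]{0,254})\z/) {
        return $1;
    }
    return;   # rejected: empty, unsafe characters, or a path component
}

sub open_for_write {
    my ($path) = @_;
    my $clean = untaint_relative_filename($path);
    die "refusing to open unsafe filename: $path\n" unless defined $clean;
    # 3-arg open: mode fixed by the program, name already validated and
    # untainted; a plain file open consults neither cwd nor $ENV{PATH}.
    open(my $fh, '>', $clean) or die "open $clean: $!\n";
    return $fh;
}

# Under -T every @ARGV element is tainted; a literal is not.
my $requested = @ARGV ? $ARGV[0] : 'foo';
printf "argument '%s' tainted: %s\n",
    $requested, tainted($requested) ? 'yes' : 'no';

my $fh = open_for_write($requested);
print {$fh} "written under -T\n";
close $fh or die "close: $!\n";
print "wrote $requested via 3-arg open\n";
```

With no argument the untainted literal 'foo' is opened, mirroring the second open in the report but without the Cwd dependency; with an argument such as `../x` the allowlist rejects it before open() is reached.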