
Item12266: Configure can throw a taint error when changing {WorkingDir}

Priority: Normal
Current State: Closed
Released In: 1.1.6
Target Release: patch
Applies To: Engine
Component: Configure
Branches: Release01x01 trunk
Reported By: KipLubliner
Waiting For:
Last Change By: GeorgeClark
Insecure dependency in open while running with -T switch at ... Configure/ line 372

This is in checkCanCreateFile()

open my $fh, '>', $name

GeorgeClark tracked this to be caused by changing {WorkingDir}; need to untaint the log directory.

Need to untaint the log directory in Checkers/Log/

-- KipLubliner - 26 Nov 2012

This appears to be a duplicate of Item11488. Fixed under this task.

-- GeorgeClark - 26 Nov 2012
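
The failure and the kind of fix discussed above, as an added example that is not Foswiki's code and not part of the original task. The names `untaint_dir` and `can_create_file_in` are hypothetical, and the allow-list pattern is this example's own policy; it must be run with `perl -T`.

```perl
#!/usr/bin/perl -T
# Added example (not Foswiki code). Run with: perl -T untaint_dir.pl
use strict;
use warnings;
use File::Spec;

# Return an untainted copy of $dir if it passes this example's allow-list,
# otherwise an undefined value. Only a regex capture clears Perl's taint flag.
sub untaint_dir {
    my ($dir) = @_;
    return unless defined $dir && length $dir;
    # Refuse parent-directory components instead of trying to clean them up.
    return if grep { $_ eq '..' } File::Spec->splitdir($dir);
    my ($clean) = $dir =~ m{\A([\w./\\: -]+)\z};
    return $clean;    # undef when the pattern did not match
}

# Hypothetical stand-in for the configure check: try to create, then remove,
# a scratch file in $dir. Returns '' on success or an error string.
sub can_create_file_in {
    my ($dir) = @_;
    my $name = File::Spec->catfile( $dir, "taintcheck_$$.tmp" );
    open my $fh, '>', $name or return "cannot create $name: $!";
    close $fh;
    unlink $name;
    return '';
}

# Constructed input: a real temp directory carrying taint, as a directory
# value submitted through a web form would. substr() of tainted data stays
# tainted even at zero length.
my $taint     = substr( "$0$^X", 0, 0 );
my $submitted = File::Spec->tmpdir() . $taint;

# 1. Using the tainted value directly reproduces the reported failure.
my $err = eval { can_create_file_in($submitted) };
print "tainted:   ", ( defined $err ? "no taint error\n" : $@ );

# 2. Validate first, then use only the untainted copy.
my $dir = untaint_dir($submitted);
die "rejected directory value\n" unless defined $dir;
$err = can_create_file_in($dir);
print "untainted: ", ( $err eq '' ? "file created and removed\n" : "$err\n" );
```

The first call dies inside `open` with the "Insecure dependency in open while running with -T switch" message; the second succeeds because the path passed to `open` comes from the regex capture.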

ItemTemplate

Summary Configure can throw a taint error when changing {WorkingDir}
ReportedBy KipLubliner
Codebase 1.1.6 dev, 1.1.5, 1.1.4
SVN Range
AppliesTo Engine
Component Configure
Priority Normal
CurrentState Closed
Checkins distro:d7c8ffd45881 distro:76306a51f116
TargetRelease patch
ReleasedIn 1.1.6
CheckinsOnBranches Release01x01 trunk
trunkCheckins distro:76306a51f116
Release01x01Checkins distro:d7c8ffd45881
Topic revision: r6 - 02 Dec 2012, GeorgeClark - This page was cached on 22 Mar 2018 - 18:05.
