You are here: Foswiki>Tasks Web>Item12266 (02 Dec 2012, GeorgeClark)

Item12266: Configure can throw a taint error when changing {WorkingDir}

Priority: Normal
Current State: Closed
Released In: 1.1.6
Target Release: patch
Applies To: Engine
Component: Configure
Branches: Release01x01 trunk
Reported By: KipLubliner
Waiting For:
Last Change By: GeorgeClark
Insecure dependency in open while running with -T switch at ... Configure/Checker.pm line 372

This is in checkCanCreateFile()

open my $fh, '>', $name

GeorgeClark tracked this to be caused by changing {WorkingDir}; need to untaint the log directory.

Need to untaint the log directory in Checkers/Log/Dir.pm

-- KipLubliner - 26 Nov 2012

This appears to be a duplicate of Item11488. Fixed under this task.

-- GeorgeClark - 26 Nov 2012
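
Added example (not part of the original task or the Foswiki code base): a stand-alone Perl script that reproduces the "Insecure dependency in open" failure on a tainted directory value and then passes the same write check after the value is validated and untainted. The helper names, the allowlist pattern and the temp-directory input are assumptions made for illustration.

```perl
# Run with taint mode on:  perl -T taint_demo.pl   (POSIX paths assumed)
use strict;
use warnings;
use File::Temp qw(tempdir);
use Scalar::Util qw(tainted);

die "taint mode is off; run with perl -T\n" unless ${^TAINT};

# Constructed input: a directory value carrying taint, standing in for a
# {WorkingDir} setting that arrived from outside the program.
my $taint       = substr($^X, 0, 0);               # zero-length tainted string
my $working_dir = tempdir(CLEANUP => 1) . $taint;  # now tainted
my $log_dir     = "$working_dir/logs";             # derived values inherit taint

# Hypothetical helper: the same kind of write test the report points at.
sub can_create_file {
    my ($name) = @_;
    open(my $fh, '>', $name) or return "open failed: $!";
    close $fh;
    unlink $name;
    return '';
}

# Hypothetical helper: untaint only by capturing against an allowlist.
sub untaint_dir {
    my ($dir) = @_;
    return undef if $dir =~ m{(?:^|/)\.\.(?:/|$)};   # no parent-directory hops
    return $dir =~ m{^(/[\w./-]+)$} ? $1 : undef;    # absolute path, plain chars
}

printf "log dir tainted: %s\n", tainted($log_dir) ? 'yes' : 'no';

# 1. Tainted path: perl aborts the open before it touches the disk.
my $result = eval { can_create_file("$log_dir/probe.tmp") };
print "tainted path:   ", (defined $result ? "no taint error\n" : $@);

# 2. Validate and untaint the directory, then repeat the same check.
my $clean = untaint_dir($log_dir) or die "rejected directory value\n";
mkdir $clean or die "mkdir $clean: $!\n";
my $msg = can_create_file("$clean/probe.tmp");
print "untainted path: ", ($msg eq '' ? "writable\n" : "$msg\n");
rmdir $clean;
```

The capture in `untaint_dir` clears the taint flag only because the pattern restricts what the value may contain; a catch-all pattern such as `(.*)` would silence the error without validating anything.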
 

ItemTemplate

Summary: Configure can throw a taint error when changing {WorkingDir}
ReportedBy: KipLubliner
Codebase: 1.1.6 dev, 1.1.5, 1.1.4
SVN Range:
AppliesTo: Engine
Component: Configure
Priority: Normal
CurrentState: Closed
WaitingFor:
Checkins: distro:d7c8ffd45881 distro:76306a51f116
TargetRelease: patch
ReleasedIn: 1.1.6
CheckinsOnBranches: Release01x01 trunk
trunkCheckins: distro:76306a51f116
Release01x01Checkins: distro:d7c8ffd45881
Topic revision: r6 - 02 Dec 2012, GeorgeClark
