This is a live mirror of the Perl 5 development currently hosted at https://github.com/perl/perl5
Fix checks for tainted dir in $ENV{PATH}
author Father Chrysostomos <sprout@cpan.org>
Sat, 3 Sep 2016 20:30:22 +0000 (13:30 -0700)
committer Father Chrysostomos <sprout@cpan.org>
Sun, 4 Sep 2016 01:51:41 +0000 (18:51 -0700)
commit ba0a4150f6f1604df236035adf6df18bd43de88e
tree 04c01c3acb428079b256a36f99efb832403e68d7
parent fac2c98c83b1d3b5039146aa7b14e3ed41f65cc4
Fix checks for tainted dir in $ENV{PATH}

$ cat > foo
#!/usr/bin/perl
print "What?!\n"
^D
$ chmod +x foo
$ ./perl -Ilib -Te '$ENV{PATH}="."; exec "foo"'
Insecure directory in $ENV{PATH} while running with -T switch at -e line 1.

That is what I expect to see.  But:

$ ./perl -Ilib -Te '$ENV{PATH}="/\\:."; exec "foo"'
What?!

Perl is allowing the \ to escape the :, but the \ is not treated as an
escape by the system, allowing a relative path in PATH to be considered
safe.

embed.fnc
embed.h
mg.c
proto.h
t/op/taint.t
util.c
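
The mismatch the commit message describes, as an added example that is not taken from Perl's source or from this commit: a PATH check that splits the value differently from the system can pass a value the system will still search relative to the current directory. The function name `path_has_relative_dir` and its `backslash_escapes` switch are hypothetical, and the PATH strings are constructed samples. It checks only for non-absolute components.

```c
#include <stdio.h>

/* Return 1 if any PATH component is not absolute (does not start with '/').
 * backslash_escapes = 1: "\:" is kept inside a component as a literal colon,
 *   the lenient splitting the commit message describes (assumed model).
 * backslash_escapes = 0: every ':' separates, which is how the system
 *   splits PATH when it searches for the program to exec. */
static int path_has_relative_dir(const char *path, int backslash_escapes)
{
    const char *p = path;

    for (;;) {
        const char *start = p;              /* start of this component */

        while (*p && *p != ':') {
            if (backslash_escapes && p[0] == '\\' && p[1] == ':')
                p += 2;                     /* swallow the "escaped" colon */
            else
                p++;
        }
        /* An empty component means the current directory, so it is
         * relative as well. */
        if (p == start || *start != '/')
            return 1;
        if (*p == '\0')
            return 0;                       /* every component was absolute */
        p++;                                /* step over the ':' separator */
    }
}

int main(void)
{
    /* Constructed sample values; the third is the one from the message. */
    const char *samples[] = { "/usr/bin:/bin", ".", "/\\:.", "/usr/bin:" };
    size_t i;

    for (i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-14s lenient=%d strict=%d\n", samples[i],
               path_has_relative_dir(samples[i], 1),
               path_has_relative_dir(samples[i], 0));
    return 0;
}
```

A validator is only sound when it parses the value the same way as the component that later consumes it; here the strict mode matches the consumer, so it is the one that flags `/\:.`.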