[Pkg-privacy-commits] [msva-perl] 145/356: trivially untaint environment for the main child process
Ximin Luo
infinity0 at moszumanska.debian.org
Mon Aug 24 07:41:50 UTC 2015
This is an automated email from the git hooks/post-receive script.
infinity0 pushed a commit to branch debian
in repository msva-perl.
commit 202ca76431bcd58086c81588ed0bd194906ffb1b
Author: Daniel Kahn Gillmor <dkg at fifthhorseman.net>
Date: Mon Oct 4 01:08:41 2010 -0400
trivially untaint environment for the main child process
---
Changelog | 6 ++++--
Crypt/Monkeysphere/MSVA.pm | 6 +++++-
2 files changed, 9 insertions(+), 3 deletions(-)
diff --git a/Changelog b/Changelog
index fb1b676..5423050 100644
--- a/Changelog
+++ b/Changelog
@@ -4,9 +4,11 @@ msva-perl (0.4~pre) upstream;
directly (needs GnuPG::Interface, Regexp::Common) (closes MS #2034)
* adds MSVA_KEYSERVER_POLICY and MSVA_KEYSERVER environment variables.
* added a marginal UI (needs Gtk2 perl module) (closes MS #2004)
- * untaint input uids (closes MS #2270)
+ * Filter incoming uids to match a strict regex (closes MS #2270)
+ * Trivially untaint the environment for the single child process
+ (closes MS #2461)
- -- Daniel Kahn Gillmor <dkg at fifthhorseman.net> Sat, 02 Oct 2010 23:54:11 -0400
+ -- Daniel Kahn Gillmor <dkg at fifthhorseman.net> Mon, 04 Oct 2010 01:06:52 -0400
msva-perl (0.3) upstream;
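Review bot: The reworded MS #2270 entry ("Filter incoming uids to match a strict regex") changes an unrelated changelog item that the commit subject does not mention. Either move that rewording into the commit that introduced the uid filter or mention it in this commit message. The new MS #2461 entry would also read better if it said that the untainting now covers every environment variable rather than PATH alone, since "trivially" on its own does not tell a reader how wide the change is.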
diff --git a/Crypt/Monkeysphere/MSVA.pm b/Crypt/Monkeysphere/MSVA.pm
index 0be02f8..a3ccff5 100755
--- a/Crypt/Monkeysphere/MSVA.pm
+++ b/Crypt/Monkeysphere/MSVA.pm
@@ -594,7 +594,11 @@
for my $arg (@ARGV) {
msvalog('verbose', " %s\n", $arg);
}
- $ENV{PATH} = untaint($ENV{PATH});
+ # untaint the environment for the subprocess
+ # see: https://labs.riseup.net/code/issues/2461
+ foreach my $e (keys %ENV) {
+ $ENV{$e} = untaint($ENV{$e});
+ }
my @args;
foreach (@ARGV) {
push @args, untaint($_);
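Review bot: The loop `foreach my $e (keys %ENV)` clears the taint flag on every inherited environment variable, so taint mode no longer gives the child process any protection against values set by whoever launched the program. The body of untaint() is not visible in this hunk, but the commit subject describes the untainting as trivial, so the values appear to reach the child unchanged. Consider building the child's environment from a short allowlist (PATH and whichever other variables the child actually needs, for example the MSVA_KEYSERVER variables named in the Changelog) and dropping the shell-affecting variables that perlsec singles out, as in `delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};`. The comment above the loop should also state why blanket untainting is acceptable here, not only link to issue 2461.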
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-privacy/packages/msva-perl.git