Re: Errors when committing to webwml
On Tue, 6 Oct 2009 06:57:00 -0700
Matt Kraai <kraai@ftbfs.org> wrote:
> > Insecure dependency in unlink while running setgid at /cvs/webwml/CVSROOT/log_accum.pl line 63.
54 sub cleanup_tmpfiles {
55 local($wd, @files);
57 $wd = `pwd`;
58 chdir("$TMP_DIR") || die("Can't chdir('$TMP_DIR')\n");
59 opendir(DIR, ".");
60 push(@files, grep(/^$FILE_PREFIX\..*\.$id$/, readdir(DIR)));
61 closedir(DIR);
62 foreach (@files) {
63 unlink $_;
64 }
65 unlink $LAST_FILE . "." . $id;
67 chdir($wd);
68 }
> 63 unlink $_; this line uses the returned value as-is from readdir(DIR).
Perl complains about it, so I think you'll be able to avoid it by doing something like
s/[^_-\w\d.]//g; (or narrower) before unlink.
http://perldoc.perl.org/perlsec.html may help.
--
victory
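
Added example (not part of the original message and not code from log_accum.pl): the perlsec page linked above describes untainting through regex capture groups, so this sketch matches each readdir() name against an allow-list and unlinks the captured copy. The prefix, id and scratch directory are constructed for the demo; run it with perl -T.

```perl
# Run as: perl -T untaint_unlink.pl   (file name is arbitrary)
use strict;
use warnings;
use File::Temp qw(tempdir);

# Remove "<prefix>.<middle>.<id>" files from $dir; return the names removed.
sub cleanup_tmpfiles {
    my ($dir, $prefix, $id) = @_;
    opendir(my $dh, $dir) or die "Can't opendir('$dir'): $!\n";
    my @entries = readdir $dh;
    closedir $dh;

    my @removed;
    for my $entry (@entries) {
        # readdir() results are tainted, and editing the string with s///
        # leaves it tainted. A capture group from a successful match is
        # untainted, so match the whole name against an allow-list that has
        # no '/' in it and use the captured copy.
        next unless $entry =~ /\A(\Q$prefix\E\.[A-Za-z0-9_.-]+\.\Q$id\E)\z/;
        my $safe = $1;
        my $path = "$dir/$safe";
        next if -l $path || !-f $path;    # plain files only, never symlinks
        if (unlink $path) { push @removed, $safe }
        else              { warn "unlink('$path') failed: $!\n" }
    }
    @removed = sort @removed;
    return @removed;
}

# Constructed demo: scratch directory, made-up prefix and id.
my $dir = tempdir(CLEANUP => 1);
for my $name (qw(logtmp.files.4242 logtmp.added.4242 logtmp.files.9999 notes.txt)) {
    open(my $fh, '>', "$dir/$name") or die "Can't create $name: $!\n";
    close $fh;
}
print "taint mode is ", (${^TAINT} ? "on" : "off"), "\n";
print "removed: $_\n" for cleanup_tmpfiles($dir, 'logtmp', '4242');
```

The character class is spelled out instead of using \w because under "use locale" a \w match does not untaint its captures.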