381 – Check doesn't seem to work with Perl 5.8.1/5.8.2 with the -T option

This is an archived snapshot of W3C's public bugzilla bug tracker, decommissioned in April 2019. Please see the home page for more details.

Bug 381 - Check doesn't seem to work with Perl 5.8.1/5.8.2 with the -T option

Summary: Check doesn't seem to work with Perl 5.8.1/5.8.2 with the -T option

Status:	RESOLVED FIXED

Alias:	None

Product:	Validator
Classification:	Unclassified
Component:	check (show other bugs)
Version:	0.6.1
Hardware:	PC Linux

Importance:	P2 major
Target Milestone:	---
Assignee:	Terje Bless
QA Contact:

URL:	http://bugs.debian.org/cgi-bin/bugrep...
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2003-11-18 07:51 UTC by Fr
Modified:	2003-11-22 13:01 UTC (History)
CC List:	0 users

See Also:

Attachments

Description Fr 2003-11-18 07:51:44 UTC

[this is a follow-up to Debian bug #217353]

It looks like starting with version 5.8.1, Perl is fussier about the
tainted mode and the exec command: use of tainted data in command
"exec LIST" seems to cause an error. check calls the commands

  open3("<&SPIN", ">&SPOUT", ">&SPERR", @cmd);

and open3 itself calls "exec @cmd" -- since @cmd contains at least the
name of the SGML Parser (read from the config file), it will always be
tainted. In such a case, the validator prints only "This page is not
valid" and no error or explanation. This makes the validator completely
unusable, hence the severity "major".

Can we consider that what is in the config file can be trusted and untaint
all parameters blindly ?

Frédéric

Comment 1 Fr 2003-11-22 08:01:57 UTC

Hum... it looks like I got lost in the different branches of the CVS:
the fix seems to be there already.

Closing this bug, sorry for the noise.