ports/177416: mail/postgrey has surfaced a bug in perl's taint checking
Philip Paeps
philip at freebsd.org
Fri Jun 21 21:13:24 UTC 2013
On 2013-06-21 13:51:01 (-0700), Paul Beard <paulbeard at gmail.com> wrote:
> On Jun 21, 2013, at 1:30 PM, Philip Paeps <philip at freebsd.org> wrote:
> > One way to fix this would be to look for every port that depends on
> > p5-Getopt-Long and make that dependency conditional on versions of perl
> > which don't have a bundled Getopt::Long. But perhaps there is a more
> > elegant way?
>
> I thought I might test this.
It worked for me[tm]. :-)
> So it looks like I still can't get it to work with a socket (I wish I
> had tried before the install/deinstall of Getopt-Long).
I only tried with a UNIX socket, not with an INET socket, but the
culprit is likely the same: Socket.pm is pulling in some other module
that taints what its passing to the socket call. Unfortunately, I
don't seem to have a Perl module on my system causing it to fail anymore
(after getting rid of Getopt::Long).
One thing you could do though, is find foo.pm files in site_perl which
also exist in perl/5.14. The problem is caused by Socket.pm picking up
something from site_perl instead of the same something bundled with
Perl.
> As I have no inbound mail service (thx, Comcast), it's no longer an
> issue for me.
Thanks for testing though!
- Philip
--
Philip Paeps
Senior Reality Engineer
Ministry of Information
More information about the freebsd-ports-bugs
mailing list