
Re: pop @INC (".")

From: David Golden <xda...@gmail.com>
Thu, 8 Mar 2012 15:45:04 -0500
Let me answer your points in reverse order.

> Does anyone besides me share my concern that putting "." in the path isn't
> always necessarily desirable?

I agree that it's not always desirable, but I'm not convinced that
it's never desirable, either.  Or rather, if undesirable, how/when
should it be removed from @INC?  Optionally with "-T" or mandatory
enforcement by the interpreter?

> There's about 4 test related files in core that would have to be patched to
> get tests working. But I would be very concerned with breaking CPAN over
> it.

Are you talking about just removing "." from @INC or are you talking
about forcing taint mode on always?  My gut instinct is that the
former would break lots of tests, but not lots of modules at runtime.
I suspect the latter would break a lot more at runtime.

> I asked this because I was actually considering submitting a patch for 5.18
> to provide this as a Configure option.  While I'm not for taint being on
> always, I worry that it's generally a potential security issue that @INC
> paths are unpredictable if you can't control where the program will be run
> from. I realize this concern has holes in it.

Something would get loaded from "." only if it's not found previously
in @INC.  So the worry is about code that loads missing modules
finding something bogus/risky instead of failing a module load
(whether it dies or is trapped in an eval)?

The sort of attack vector I could imagine is some code running with
elevated privileges and also using something like Module::Pluggable,
which would pick up appropriately named plugins from "." in @INC.

It seems like that's more easily addressed by running code that
requires elevated privileges under taint mode, rather than running
*all* programs under taint mode.

That latter bit might be an interesting configuration option to
explore -- to automatically enable taint mode when running as uid 0.

That should still allow CPAN modules to be installed as long as they
are built by a regular user and only installed with "sudo make
install".

It probably still breaks lots of things that don't expect to be
running in taint mode, but that might be an acceptable tradeoff to
protect uid 0.

-- David
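
The following is an added example, not part of the message above and not perl core code. It audits where a module name would resolve in an @INC-style list, flags resolution through a relative entry such as ".", and shows the effect of dropping relative entries when the effective uid is 0. The module name `Local::Plugin` and the helpers `resolve_module` and `absolute_only` are hypothetical, and stripping relative entries only approximates the "." removal that taint mode performs; it is not taint mode.

```perl
use strict;
use warnings;
use Cwd qw(getcwd);
use File::Spec;
use File::Temp qw(tempdir);

# Walk an @INC-style list in order and report the first entry that holds the
# module file, plus whether that entry depends on the current directory.
sub resolve_module {
    my ($module, @inc) = @_;
    (my $file = "$module.pm") =~ s{::}{/}g;
    for my $dir (@inc) {
        next if ref $dir;    # skip @INC hooks (code refs, objects)
        my $path = File::Spec->catfile($dir, $file);
        next unless -f $path;
        my $relative = File::Spec->file_name_is_absolute($dir) ? 0 : 1;
        return { dir => $dir, path => $path, relative => $relative };
    }
    return;                  # nothing found: require would die here
}

# Keep hooks and absolute directories; drop "." and any other relative entry.
sub absolute_only { grep { ref $_ || File::Spec->file_name_is_absolute($_) } @_ }

# Constructed scenario: the working directory contains a stray plugin file
# whose name (hypothetical) matches nothing in the installed library paths.
my $start   = getcwd();
my $scratch = tempdir(CLEANUP => 1);
mkdir "$scratch/Local" or die "mkdir: $!";
open my $fh, '>', "$scratch/Local/Plugin.pm" or die "open: $!";
print {$fh} "package Local::Plugin; 1;\n";
close $fh or die "close: $!";
chdir $scratch or die "chdir: $!";

# @INC with "." as its last entry, the configuration the thread discusses.
my @with_dot = ((grep { ref $_ || $_ ne '.' } @INC), '.');
# Assumed policy for the example: no relative entries when effective uid is 0.
my @policy = $> == 0 ? absolute_only(@with_dot) : @with_dot;

for my $case (['with "."', \@with_dot], ['absolute only', [absolute_only(@with_dot)]],
              ["euid $> policy", \@policy]) {
    my ($label, $inc) = @$case;
    my $hit = resolve_module('Local::Plugin', @$inc);
    printf "%-16s %s\n", $label,
        !$hit            ? 'not found, module load fails'
      : $hit->{relative} ? "resolved through relative entry '$hit->{dir}'"
      :                    "resolved in $hit->{dir}";
}
chdir $start or die "chdir: $!";   # leave the scratch dir so cleanup can remove it
```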
