Debian Bug report logs - #289983
PATH environment variable is set to '/bin:/usr/bin' even in non-tainted mode

version graph

Package: libmime-lite-perl; Maintainer for libmime-lite-perl is Debian Perl Group <pkg-perl-maintainers@lists.alioth.debian.org>; Source for libmime-lite-perl is src:libmime-lite-perl.

Reported by: Serge Olkhowik <solo@isd.dp.ua>

Date: Wed, 12 Jan 2005 07:48:04 UTC

Severity: important

Tags: patch

Found in version 3.01-3

Fixed in version libmime-lite-perl/3.01-4

Done: Gunnar Wolf <gwolf@debian.org>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, Debian Perl Group <pkg-perl-maintainers@lists.alioth.debian.org>:
Bug#289983; Package libmime-lite-perl. Full text and rfc822 format available.

Acknowledgement sent to Serge Olkhowik <solo@isd.dp.ua>:
New Bug report received and forwarded. Copy sent to Debian Perl Group <pkg-perl-maintainers@lists.alioth.debian.org>. Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: Serge Olkhowik <solo@isd.dp.ua>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: PATH environment variable is set to '/bin:/usr/bin' even in non-tainted mode
Date: Wed, 12 Jan 2005 09:38:25 +0200
Package: libmime-lite-perl
Version: 3.01-3
Severity: important
Tags: patch

PATH environment variable is set to '/bin:/usr/bin' even in non-tainted
mode. I suppose that line 337 in MIME/Lite.pm should look like:

$ENV{PATH} = '/bin:/usr/bin'
  unless ${^TAINT} == 0;

BTW: such PATH line isn't portable to non-UNIX platforms.

-- System Information:
Debian Release: 3.1
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.7-so
Locale: LANG=ru_RU.KOI8-R, LC_CTYPE=ru_RU.KOI8-R (charmap=KOI8-R)

Versions of packages libmime-lite-perl depends on:
ii  perl                          5.8.4-5    Larry Wall's Practical Extraction 

-- no debconf information



Information forwarded to debian-bugs-dist@lists.debian.org, Debian Perl Group <pkg-perl-maintainers@lists.alioth.debian.org>:
Bug#289983; Package libmime-lite-perl. Full text and rfc822 format available.

Acknowledgement sent to Gunnar Wolf <gwolf@gwolf.org>:
Extra info received and forwarded to list. Copy sent to Debian Perl Group <pkg-perl-maintainers@lists.alioth.debian.org>. Full text and rfc822 format available.

Message #10 received at 289983@bugs.debian.org (full text, mbox):

From: Gunnar Wolf <gwolf@gwolf.org>
To: 289983@bugs.debian.org, debian-perl@lists.debian.org
Subject: Re: PATH environment variable is set to '/bin:/usr/bin' even innon-tainted mode
Date: Wed, 02 Mar 2005 16:41:25 -0600
Hi,

This message is in answer to bug #289983, please read it [1] for
background information. 

I am Cc:ing the Debian Perl list, as I am interested in other opinions
about this.

I do not think the current behavior should be seen as a bug - This
module is set to specify its working path, and I'd like to leave it in
place. However, I agree, it should _not_ mess  with your environment -
Instead of your patch (which does not really solve the situation, in a
tainted environment you would end up exactly the same way you are
now), I'd rather use this:

--- lib/MIME/Lite.pm    2004-12-17 09:41:27.582131640 -0600
+++ /tmp/Lite.pm        2005-03-02 16:41:20.708054824 -0600
@@ -334,6 +334,8 @@
             $VERSION
             );
 
+local %ENV = %ENV;
+
 $ENV{PATH} = '/bin:/usr/bin';
 
 #==============================

Do you agree? Does somebody disagree or have a better idea?

Thanks,

[1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=289983

-- 
Gunnar Wolf - gwolf@gwolf.org - (+52-55)1451-2244 / 5554-9450
PGP key 1024D/8BB527AF 2001-10-23
Fingerprint: 0C79 D2D1 2C4E 9CE4 5973  F800 D80E F35A 8BB5 27AF



Reply sent to Gunnar Wolf <gwolf@debian.org>:
You have taken responsibility. Full text and rfc822 format available.

Notification sent to Serge Olkhowik <solo@isd.dp.ua>:
Bug acknowledged by developer. Full text and rfc822 format available.

Message #15 received at 289983-close@bugs.debian.org (full text, mbox):

From: Gunnar Wolf <gwolf@debian.org>
To: 289983-close@bugs.debian.org
Subject: Bug#289983: fixed in libmime-lite-perl 3.01-4
Date: Fri, 04 Mar 2005 18:47:26 -0500
Source: libmime-lite-perl
Source-Version: 3.01-4

We believe that the bug you reported is fixed in the latest version of
libmime-lite-perl, which is due to be installed in the Debian FTP archive:

libmime-lite-perl_3.01-4.diff.gz
  to pool/main/libm/libmime-lite-perl/libmime-lite-perl_3.01-4.diff.gz
libmime-lite-perl_3.01-4.dsc
  to pool/main/libm/libmime-lite-perl/libmime-lite-perl_3.01-4.dsc
libmime-lite-perl_3.01-4_all.deb
  to pool/main/libm/libmime-lite-perl/libmime-lite-perl_3.01-4_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 289983@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Gunnar Wolf <gwolf@debian.org> (supplier of updated libmime-lite-perl package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Fri,  4 Mar 2005 17:25:35 -0600
Source: libmime-lite-perl
Binary: libmime-lite-perl
Architecture: source all
Version: 3.01-4
Distribution: unstable
Urgency: low
Maintainer: Debian Perl Group <pkg-perl-maintainers@lists.alioth.debian.org>
Changed-By: Gunnar Wolf <gwolf@debian.org>
Description: 
 libmime-lite-perl - Perl5 module for convenient generation of MIME messages
Closes: 289983
Changes: 
 libmime-lite-perl (3.01-4) unstable; urgency=low
 .
   * Changes in %ENV are now kept local to the module (Closes: #289983)
Files: 
 95fb6e61b1b8c6513db7b98e203c22fb 691 perl optional libmime-lite-perl_3.01-4.dsc
 388639fc8dafc93996837b316e2119e5 3886 perl optional libmime-lite-perl_3.01-4.diff.gz
 02cf1c3301ce2b9743677c92edad7996 65450 perl optional libmime-lite-perl_3.01-4_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (GNU/Linux)

iD8DBQFCKPDD2A7zWou1J68RArYGAJ4psUwNzyUsSc/PpbKi6M+FPkqDgQCcCgWf
exouE07X3cWNpvzZfz7J4Ro=
=fJNV
-----END PGP SIGNATURE-----




Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Thu Apr 17 01:41:31 2014; Machine Name: buxtehude.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.