#142 Tainted-Mode results in Error

open
nobody
Editor (234)
5
2007-09-25
2005-02-19
Anonymous
No

When I add a "#!/usr/bin/perl -Tw" in the first line of
a Perl-Script, EPIC tells me that it is "Too late for
"-T" option at line 1". Dunno why.

Discussion

  • LeO
    LeO
    2005-02-21

    Logged In: YES
    user_id=703323

    Don't understand: When does the message appear? In the
    Editor or when you execute. How does the whole script looks
    like?

    I cannot reproduce it with 0.3.10.

     
  • john_kreuziger
    john_kreuziger
    2005-03-31

    Logged In: YES
    user_id=1249903

    Here is the error message I receive. I have version 0.3.10
    installed and the same message is displayed on either Linux
    or Windows platforms.

    Console Message:
    "-T" is on the #! line, it must also be used on the command
    line at
    /home/johnk/perlide/workspace/PayPal/cgi-bin/null.cgi line 1.

    Here is a copy of my script:

    #!/opt/ActivePerl-5.8/bin/perl -wT

    print <<END_OF_HTML;
    Content-type: text/html

    END_OF_HTML

    The message is not displayed until I run the script.

    The script works with the -w just fine. Also I can run the
    script from the command line without a problem.

     
  • Logged In: YES
    user_id=974624

    Hello,

    this is not epic or eclipse, it's perl. When started in
    non-tainted mode and given a -T switch in the shebang line,
    perl is 'pulling the emergency brake' and stops, because it
    sees the need for tainted mode too late. You may test it on
    command line: "perl null.cgi" will bring up the same
    message, whereas "perl -T null.cgi" will do.
    Try to set up script invocation for tainted mode so that the
    -T is in the command line.

    Hope that helps,
    Oliver

     
  • Jan Ploski
    Jan Ploski
    2006-08-04

    Logged In: YES
    user_id=86907

    Not a bug - closing.

     
  • Jan Ploski
    Jan Ploski
    2006-08-04

    • status: open --> closed-invalid
     
  • Julian Ladisch
    Julian Ladisch
    2007-09-09

    Logged In: YES
    user_id=561017
    Originator: NO

    Use these three example files:

    system.pl:
    #!/usr/bin/perl
    system 'echo', shift;
    print "reached\n";

    system_lower_t.pl
    #!/usr/bin/perl -t
    system 'echo', shift;
    print "reached\n";

    system_capital_t.pl
    #!/usr/bin/perl -T
    system 'echo', shift;
    print "reached\n";

    Expected EPIC behaviour:

    There is no need to alter the "Perl EPIC" "Enable taint mode" preference when
    switching from one file to another.

    All three files can be edited in the EPIC editor without showing an error
    because of the #! line.

    All three files can be run using the correct -t, -T perl switch, having this result:
    system.pl prints a newline and "reached", but no "-t" or "-T" message.
    system_lower_t.pl prints "-t" messages and continues outputting a newline and "reached".
    system_capital_t.pl prints a "-T" message and stops without printing "reached".

    Actual behaviour:

    a) When disabling preference "Perl EPIC" "Enable taint mode"

    system.pl: As expected.

    system_lower_t.pl: In the editor and when running there is an error message on
    the first line saying:
    "-t" is on the #! line, it must also be used on the command line

    system_captial_t.pl: In the editor and when running there is an error message on
    the first line saying:
    "-T" is on the #! line, it must also be used on the command line

    b) When enabling preference "Perl EPIC" "Enable taint mode"

    system.pl: In editor as expected. When running there is an error message saying:
    Insecure $ENV{PATH} while running with -T switch at system.pl line 2.
    "reached" is missing from the output.

    system_lower_t.pl: In editor as expected. When running there is an error message saying:
    Insecure $ENV{PATH} while running with -T switch at system.pl line 2.
    "reached" is missing from the output.

    system_capital_t.pl: As expected.

     
  • Jan Ploski
    Jan Ploski
    2007-09-25

    Logged In: YES
    user_id=86907
    Originator: NO

    Reopening on request of julianladisch.

     
  • Jan Ploski
    Jan Ploski
    2007-09-25

    • status: closed-invalid --> open