drmuey / p5-File-Copy-Recursive

Perl extension for recursively copying files and directories

Recursive.pm line 376 #29

Open dinak99 opened 4 years ago

dinak99 commented 4 years ago

In file Recursive.pm at p5-File-Copy-Recursive.

I always use taint mode and now I'm getting: "Insecure dependency in chdir while running with -T switch at /usr/local/libdata/perl5/site_perl/File/Copy/Recursive.pm line 414."

Seems the variable $starting_point isn't sanitized.

drmuey commented 4 years ago

Thanks! Does it happen when you untaint the value being passed in?

Can you post a simplest-case reproduction case? Like a one liner for example.

dinak99 commented 4 years ago

Yes, even if I untaint it. It's due to the fact that the module gets the working directory inside itself.

An example:

    $ mkdir -p a/b
    $ perl -MFile::Copy::Recursive=rmove -Twe 'rmove("a","c")'

output: Insecure dependency in chdir while running with -T switch at /usr/local/libdata/perl5/site_perl/File/Copy/Recursive.pm line 414.
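The behaviour reported above, reduced to a standalone script (an added example, not code from File::Copy::Recursive or from this thread): under `-T`, a working directory looked up at run time is tainted even when the caller's argument has been untainted, and `chdir` back to it dies unless the value is validated first. The allow-list patterns and the script name are assumptions for illustration and assume POSIX-style paths.

```perl
#!/usr/bin/perl -T
# Added example, not code from File::Copy::Recursive.
# Run: perl -T taint_cwd.pl [dir]
use strict;
use warnings;
use Cwd ();
use Scalar::Util qw(tainted);

die "run with -T so taint checks are active\n" unless ${^TAINT};

# Caller side: untaint the path argument with an allow-list (assumed pattern).
my $arg = @ARGV ? $ARGV[0] : '.';
my ($target) = $arg =~ m{\A([\w./-]+)\z}
    or die "unexpected characters in path argument\n";

# Library side: the working directory is looked up at run time, so it comes
# from outside the program and is tainted whatever the caller passed in.
my $start = Cwd::getcwd();
defined $start or die "getcwd failed: $!\n";
printf "argument tainted: %s, cwd tainted: %s\n",
    (tainted($target) ? 'yes' : 'no'), (tainted($start) ? 'yes' : 'no');

chdir $target or die "chdir $target: $!\n";

# Going back with the raw value is what trips the taint check.
my $ok  = eval { chdir $start or die "chdir $start: $!\n"; 1 };
my $msg = $ok ? "allowed\n" : $@;
print "chdir back with raw cwd: $msg";

# Validating the looked-up value first yields an untainted copy.
my ($clean) = $start =~ m{\A(/[\w./-]*)\z}
    or die "cwd contains characters outside the allow-list\n";
chdir $clean or die "chdir $clean: $!\n";
print "chdir back after untainting: ok\n";
```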

dinak99 commented 4 years ago

Ah, sorry! Note that I'm using OpenBSD 6.6, which uses Recursive.pm version:

$VERSION = '0.44';

    $ perl -v
    This is perl 5, version 28, subversion 2 (v5.28.2) built for amd64-openbsd

bsroth commented 1 year ago

We have run into this issue. The code was working properly in version 0.38 on Debian 9. Then it was ported to Rhel 8.7 with 0.40 and then updated via cpan to 0.45. Both 0.40 and 0.45 exhibit this issue even with sanitized data. We are on perl 5, version 26, subversion 3.

Let me know if you need additional information.