[mythtv-commits] Ticket #4954: perl runs in tainted mode and excludes . from path
MythTV
mythtv at cvs.mythtv.org
Fri Mar 14 18:20:57 UTC 2008
#4954: perl runs in tainted mode and excludes . from path
-------------------------+--------------------------------------------------
Reporter: Torg | Owner: stuartm
Type: defect | Status: new
Priority: minor | Milestone: 0.21.1
Component: mythweather | Version: 0.21-fixes
Severity: high | Mlocked: 0
-------------------------+--------------------------------------------------
because mythfrontend runs setuid for real time threads perl runs in
tainted mode. This truncates . from the @INC environment making most of
mythweathers perl scripts fail.
Adding absolute paths to the scripts works, but is an ugly hack to allow
them to run.
{{{
--- animaps.pl.orig 2008-03-14 12:39:01.000000000 -0500
+++ animaps.pl 2008-03-14 12:37:17.000000000 -0500
@@ -1,4 +1,5 @@
#!/usr/bin/perl -w
+use lib '/usr/local/share/mythtv/mythweather/scripts/us_nws/';
use strict;
use Getopt::Std;
use LWP::Simple;
--- maps.pl.orig 2008-03-14 12:39:19.000000000 -0500
+++ maps.pl 2008-03-14 12:30:21.000000000 -0500
@@ -1,4 +1,5 @@
#!/usr/bin/perl -w
+use lib '/usr/local/share/mythtv/mythweather/scripts/us_nws/';
use strict;
use Getopt::Std;
use LWP::Simple;
--- ndfd18.pl.orig 2008-03-14 12:38:48.000000000 -0500
+++ ndfd18.pl 2008-03-14 12:45:35.000000000 -0500
@@ -1,4 +1,5 @@
#!/usr/bin/perl -w
+use lib '/usr/local/share/mythtv/mythweather/scripts/us_nws/';
use strict;
use NDFDParser;
use NWSLocation;
@@ -147,7 +148,7 @@
$icon = $result->{$time}->{'conditions-icon_forecast-NWS'};
$icon =~ s/.*\/([a-z0-9_]+[.][j][p][g])/$1/;
local *FH;
- open(FH, "icons") or die "Cannot open icons";
+ open(FH, "/usr/local/share/mythtv/mythweather/scripts/us_nws/icons")
or die "Cannot open icons";
while(my $line = <FH>) {
if ($line =~ /${icon}::/) {
$line =~ s/.*:://;
--- ndfd.pl.orig 2008-03-14 12:38:39.000000000 -0500
+++ ndfd.pl 2008-03-14 12:50:20.000000000 -0500
@@ -1,4 +1,5 @@
#! /usr/bin/perl -w
+use lib '/usr/local/share/mythtv/mythweather/scripts/us_nws/';
#TODO the icons aren't very meaningful, the server gives them to us for 3
or 6
# hr intervals, but since we're parsing for 12 hour, that seem a little
useless
@@ -188,7 +189,7 @@
$icon = $result->{$iconkey}->{'conditions-icon_forecast-
NWS'};
$icon =~ s/.*\/([a-z0-9_]+[.][j][p][g])/$1/;
local *FH;
- open(FH, "icons") or die "Cannot open icons";
+ open(FH,
"/usr/local/share/mythtv/mythweather/scripts/us_nws/icons") or die "Cannot
open icons";
while(my $line = <FH>) {
if ($line =~ /${icon}::/) {
$line =~ s/.*:://;
--- nws-alert.pl.orig 2008-03-14 12:38:39.000000000 -0500
+++ nws-alert.pl 2008-03-14 12:42:11.000000000 -0500
@@ -1,4 +1,5 @@
#!/usr/bin/perl -w
+use lib '/usr/local/share/mythtv/mythweather/scripts/us_nws/';
package NWSAlert;
use strict;
use XML::Parser;
--- nwsxml.pl.orig 2008-03-14 12:38:39.000000000 -0500
+++ nwsxml.pl 2008-03-14 12:43:56.000000000 -0500
@@ -1,4 +1,5 @@
#! /usr/bin/perl -w
+use lib '/usr/local/share/mythtv/mythweather/scripts/us_nws/';
use strict;
use XML::Simple;
@@ -116,7 +117,7 @@
$key = 'weather_icon';
$xml->{$key} = 'unknown.png';
local *FH;
- open(FH, "icons") or die "Cannot open icons";
+ open(FH,
"/usr/local/share/mythtv/mythweather/scripts/us_nws/icons") or die "Cannot
open icons";
while(my $line = <FH>) {
chomp $line;
if ($line =~ /$xml->{'icon_url_name'}::/) {
}}}
--
Ticket URL: <http://svn.mythtv.org/trac/ticket/4954>
MythTV <http://www.mythtv.org/>
MythTV
More information about the mythtv-commits
mailing list