Hi Gabor,
Gabor Kiss writes:
"Insecure dependency in open while running with -T switch at /usr/local/whois/lib/addkey.pl line 52."
52: if (open(OVERFLOWADD, ">>".$db[1].$OVERFLOWEXTENSION.$value)) {
I tried at least six different tricks to avoid this message. No success. (Hardcoded direct setuid C wrapper is not included in the six.)
Any suggestion?
Could you try this: in dbopen change:

    sub dbname {
        local(*entry)=@_;
        local($name)=$DBFILE{$entry{"so"}};
        $name.=".".&entype(*entry) if ($SPLIT{$entry{"so"}});
        print STDERR "dbname - name: $name\n" if ($opt_V);
        return $name;
    }

to:

    sub dbname {
        local(*entry)=@_;
        local($name);
        #
        # untaint db file name
        $DBFILE{$entry{"so"}}=~ /(.*)/;
        $name=$1;
        $name.=".".&entype(*entry) if ($SPLIT{$entry{"so"}});
        print STDERR "dbname - name: $name\n" if ($opt_V);
        return $name;
    }

I have not tested this code. Please let me know if it works. No need to CC the whole db-wg mailing list since it is not really a design issue ...

Note that I also found a couple of other (small) problems with perl5. As the documentation says: It looks like perl5 is working now but we don't give any guarantees and are interested in problems you might find.

I will collect this stuff for one big patch file (including RPSL extensions) for Ambrose.

David K.
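An added illustration, not part of the original message or of the whois code: under `perl -T`, a regex capture is what clears the taint flag, so the pattern is the only validation the file name ever gets. The script below compares the catch-all `/(.*)/` with an allow-list pattern; `$DBDIR`, the sample names and the allow-list itself are assumptions made for the example.

```perl
use strict;
use warnings;
use Scalar::Util qw(tainted);

die "run this with: perl -T\n" unless ${^TAINT};

# Hypothetical database directory (assumption, not from the original message).
my $DBDIR = '/var/lib/whois-example';

# A zero-length tainted string: appending it marks a constructed value tainted.
my $TAINT = substr($^X, 0, 0);

# Blind laundering with /(.*)/: clears the taint flag, validates nothing.
sub launder_any {
    my ($name) = @_;
    return $name =~ /(.*)/ ? $1 : undef;
}

# Allow-list untaint: a single path component of letters, digits, '_', '.', '-',
# starting with a letter or digit. Returns the full path, or undef on rejection.
sub untaint_dbname {
    my ($name) = @_;
    return undef unless defined $name;
    return $name =~ /\A([A-Za-z0-9][A-Za-z0-9_.-]{0,63})\z/ ? "$DBDIR/$1" : undef;
}

# Constructed sample names, tainted to stand in for values read from outside.
for my $sample ('ripe.db.overflow', '../elsewhere/file', 'name with spaces') {
    my $raw = $sample . $TAINT;

    # Opening for append with a tainted name dies before the file is touched.
    my $err = eval { open(my $fh, '>>', "$DBDIR/$raw"); 1 } ? 'none' : $@;
    $err =~ s/ at .*//s;

    my $any  = launder_any($raw);
    my $safe = untaint_dbname($raw);

    printf "%-20s tainted=%s\n", "'$sample'", tainted($raw) ? 'yes' : 'no';
    printf "  open error:      %s\n", $err;
    printf "  /(.*)/ gives:    '%s' (tainted=%s)\n", $any, tainted($any) ? 'yes' : 'no';
    printf "  allow-list path: %s\n", defined $safe ? $safe : 'rejected';
}
```

Every sample passes through `/(.*)/` unchanged and untainted, while the allow-list accepts only the first one.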