FS#67919 - [perl] 5.32.0-2: /etc/profile.d/perlbin.sh adds relative path to $PATH
Attached to Project:
Arch Linux
Opened by Pascal Ernster (hardfalcon) - Thursday, 17 September 2020, 12:57 GMT
Last edited by freswa (frederik) - Friday, 18 September 2020, 12:21 GMT
Opened by Pascal Ernster (hardfalcon) - Thursday, 17 September 2020, 12:57 GMT
Last edited by freswa (frederik) - Friday, 18 September 2020, 12:21 GMT
|
Details
In perl 5.32.0-2 (which is only in testing as of now), the
script /etc/profile.d/perlbin.sh adds the relative path
"usr/bin/site_perl" instead of the absolute path
"/usr/bin/site_perl" to the $PATH environment variable.
Adding a relative path to $PATH is a potential security
issue:
https://cwe.mitre.org/data/definitions/426.html https://cwe.mitre.org/data/definitions/427.html |
This task depends upon
Closed by freswa (frederik)
Friday, 18 September 2020, 12:21 GMT
Reason for closing: Fixed
Additional comments about closing: perl 5.32.0-3
Friday, 18 September 2020, 12:21 GMT
Reason for closing: Fixed
Additional comments about closing: perl 5.32.0-3
The perl package in core (version 5.32.0-1) is not affected.