[Koha-bugs] [Bug 17717] Fix broken cronjobs due to permissions of the current directory

bugzilla-daemon at bugs.koha-community.org
Fri Mar 2 17:01:18 CET 2018


https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=17717

--- Comment #57 from Marco Moreno <mmoreno at pobox.com> ---
Hmmm...I'm now reconsidering this and wonder if option #3 is really the best
solution by removing '.' from @INC.

You made a good point about /tmp being a concern.  This, plus the fact that
they have removed '.' from @INC in recent versions of Perl, has convinced me
that having '.' in @INC is generally a very bad idea and a major security
concern.

Therefore, I want to propose revisiting comment #40 which removes '.' from @INC
in a common library early in the bootstrapping process.  This effectively
undoes the "feature" added in Perl 5.18 and removed in Perl 5.26. 
Additionally, this prevents exploits that attempt to insert '.' via PERL5LIB.

It is a single line of code, does nothing if '.' doesn't exist in @INC, and
doesn't require modifying crons.

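An illustration of the approach the comment above describes, removing '.' from @INC at compile time before other modules load. It is an added example, not part of the original message and not Koha's code or the change from comment #40; the sub names and sample paths are assumptions.

```perl
#!/usr/bin/perl
# Added illustration (not Koha code): drop '.' from @INC before any module loads.
use strict;
use warnings;
use File::Spec;

# Keep hook references (code refs or objects in @INC) and every entry except '.'.
# Hypothetical helper name.
sub without_dot {
    return grep { ref($_) || $_ ne '.' } @_;
}

# Entries that are not absolute resolve against the current working directory,
# so they carry the same risk as '.' when a job runs from a shared directory.
# Hypothetical helper name.
sub relative_entries {
    return grep { !ref($_) && !File::Spec->file_name_is_absolute($_) } @_;
}

# BEGIN runs at compile time, so every later `use` sees the cleaned search path.
# PERL5LIB and -I entries are already in @INC at this point and are covered too.
# If '.' is not present, the grep leaves @INC unchanged.
BEGIN { @INC = without_dot(@INC); }

# Constructed sample search path; the directories are placeholders.
my @sample = ('/opt/app/lib', '.', 'lib', '/usr/share/perl5');

print "cleaned:  @{[ without_dot(@sample) ]}\n";
print "relative: @{[ relative_entries(@sample) ]}\n";
print "'.' in live \@INC: ",
    (grep { !ref($_) && $_ eq '.' } @INC) ? "yes" : "no", "\n";
```

Running it with `PERL5LIB=.` set in the environment shows the live @INC check still reporting "no", because the BEGIN block runs after the interpreter has applied PERL5LIB.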