perl runs in tainted mode and excludes . from path

[Torg]

because mythfrontend runs setuid for real time threads perl runs in tainted mode. This truncates . from the @INC environment making most of mythweathers perl scripts fail.

Adding absolute paths to the scripts works, but is an ugly hack to allow them to run.

--- animaps.pl.orig     2008-03-14 12:39:01.000000000 -0500
+++ animaps.pl  2008-03-14 12:37:17.000000000 -0500
@@ -1,4 +1,5 @@
 #!/usr/bin/perl -w
+use lib '/usr/local/share/mythtv/mythweather/scripts/us_nws/';
 use strict;
 use Getopt::Std;
 use LWP::Simple;
--- maps.pl.orig        2008-03-14 12:39:19.000000000 -0500
+++ maps.pl     2008-03-14 12:30:21.000000000 -0500
@@ -1,4 +1,5 @@
 #!/usr/bin/perl -w
+use lib '/usr/local/share/mythtv/mythweather/scripts/us_nws/';
 use strict;
 use Getopt::Std;
 use LWP::Simple;
--- ndfd18.pl.orig      2008-03-14 12:38:48.000000000 -0500
+++ ndfd18.pl   2008-03-14 12:45:35.000000000 -0500
@@ -1,4 +1,5 @@
 #!/usr/bin/perl -w
+use lib '/usr/local/share/mythtv/mythweather/scripts/us_nws/';
 use strict;
 use NDFDParser;
 use NWSLocation;
@@ -147,7 +148,7 @@
     $icon = $result->{$time}->{'conditions-icon_forecast-NWS'};
     $icon =~ s/.*\/([a-z0-9_]+[.][j][p][g])/$1/;
     local *FH;
-    open(FH, "icons") or die "Cannot open icons";
+    open(FH, "/usr/local/share/mythtv/mythweather/scripts/us_nws/icons") or die "Cannot open icons";
     while(my $line = <FH>) {
         if ($line =~ /${icon}::/) {
             $line =~ s/.*:://;
--- ndfd.pl.orig        2008-03-14 12:38:39.000000000 -0500
+++ ndfd.pl     2008-03-14 12:50:20.000000000 -0500
@@ -1,4 +1,5 @@
 #! /usr/bin/perl -w
+use lib '/usr/local/share/mythtv/mythweather/scripts/us_nws/';

 #TODO the icons aren't very meaningful, the server gives them to us for 3 or 6
 # hr intervals, but since we're parsing for 12 hour, that seem a little useless
@@ -188,7 +189,7 @@
             $icon = $result->{$iconkey}->{'conditions-icon_forecast-NWS'};
             $icon =~ s/.*\/([a-z0-9_]+[.][j][p][g])/$1/;
             local *FH;
-            open(FH, "icons") or die "Cannot open icons";
+            open(FH, "/usr/local/share/mythtv/mythweather/scripts/us_nws/icons") or die "Cannot open icons";
             while(my $line = <FH>) {
                 if ($line =~ /${icon}::/) {
                     $line =~ s/.*:://;
--- nws-alert.pl.orig   2008-03-14 12:38:39.000000000 -0500
+++ nws-alert.pl        2008-03-14 12:42:11.000000000 -0500
@@ -1,4 +1,5 @@
 #!/usr/bin/perl -w
+use lib '/usr/local/share/mythtv/mythweather/scripts/us_nws/';
 package NWSAlert;
 use strict;
 use XML::Parser;
--- nwsxml.pl.orig      2008-03-14 12:38:39.000000000 -0500
+++ nwsxml.pl   2008-03-14 12:43:56.000000000 -0500
@@ -1,4 +1,5 @@
 #! /usr/bin/perl -w
+use lib '/usr/local/share/mythtv/mythweather/scripts/us_nws/';

 use strict;
 use XML::Simple;
@@ -116,7 +117,7 @@
         $key = 'weather_icon';
         $xml->{$key} = 'unknown.png';
         local *FH;
-        open(FH, "icons") or die "Cannot open icons";
+        open(FH, "/usr/local/share/mythtv/mythweather/scripts/us_nws/icons") or die "Cannot open icons";
         while(my $line = <FH>) {
             chomp $line;
             if ($line =~ /$xml->{'icon_url_name'}::/) {

[Torg]

Patch for us_nws scripts

[james.sumners@…]

I'v found that adding -I./ to the perl execution line works okay. e.g. #! /usr/bin/perl -w => #! /usr/bin/perl -w -I./.

[beirdo]

(In [25155]) Explicitly added path from the currently running script and default paths into all the scraper scripts that use local libraries. This will get rid of the problem of perl running in tainted mode due to setuid, as now the current directory doesn't need to be implicitly in the path.

Closes #4954