system() may start a shell so make sure its behavior will not be modified in unexpected ways by the environment ($CDPATH, $IFS) or an external file ($ENV, $BASH_ENV). Signed-off-by: Francois Gouget <fgouget(a)codeweavers.com> --- The $ENV{ENV} mystery is finally solved. testbot/lib/WineTestBot/Config.pm | 3 +++ 1 file changed, 3 insertions(+) diff --git a/testbot/lib/WineTestBot/Config.pm b/testbot/lib/WineTestBot/Config.pm index 44692295..d6267dee 100644 --- a/testbot/lib/WineTestBot/Config.pm +++ b/testbot/lib/WineTestBot/Config.pm @@ -69,6 +69,9 @@ $LogDir = "$::RootDir/var"; $DataDir = "$::RootDir/var"; $BinDir = "$::RootDir/bin"; +# Sanitize the environment for system() & co +delete @ENV{qw(IFS CDPATH ENV BASH_ENV)}; # from perlsec + # See the ScheduleOnHost() documentation in lib/WineTestBot/Jobs.pm $MaxRevertingVMs = 1; $MaxRevertsWhileRunningVMs = 0; -- 2.20.1