system() may start a shell so make sure its behavior will not be modified in unexpected ways by the environment ($CDPATH, $IFS) or an external file ($ENV, $BASH_ENV).

Signed-off-by: Francois Gouget fgouget@codeweavers.com ---

The $ENV{ENV} mystery is finally solved.

testbot/lib/WineTestBot/Config.pm | 3 +++ 1 file changed, 3 insertions(+)

diff --git a/testbot/lib/WineTestBot/Config.pm b/testbot/lib/WineTestBot/Config.pm index 44692295..d6267dee 100644 --- a/testbot/lib/WineTestBot/Config.pm +++ b/testbot/lib/WineTestBot/Config.pm @@ -69,6 +69,9 @@ $LogDir = "$::RootDir/var"; $DataDir = "$::RootDir/var"; $BinDir = "$::RootDir/bin";

+# Sanitize the environment for system() & co +delete @ENV{qw(IFS CDPATH ENV BASH_ENV)}; # from perlsec + # See the ScheduleOnHost() documentation in lib/WineTestBot/Jobs.pm $MaxRevertingVMs = 1; $MaxRevertsWhileRunningVMs = 0;