Item5994: turn on taint mode in configure and fix the problems

cos its less secure without.

And while we're at it, remove the files from the logos dir and replace them with inline css images.

-- TWiki:Main/SvenDowideit - 11 Sep 2008

Is anyone doing this within the next few days for 4.2.4 or is this a 5.0 release blocker. I agree that at least for 5.0 this should be done. But better if we can do it for 4.2.4.

-- TWiki:Main.KennethLavrsen - 18 Sep 2008

I'll see what I can do...

-- TWiki:Main.OlivierRaginel - 29 Sep 2008

Sorry, didn't had much time lately, and had troubles with my development installation. So I guess for 4.2.4 it's too late, but I'll try and do it anyway.

-- TWiki:Main.OlivierRaginel - 10 Oct 2008

I enabled taint mode and fixed the (minor, safe) problems it showed up. Note that I was forced to default $ENV{PATH} to the value of same when configure is first run. However I think the risk of this causing problems is extremely small.

-- TWiki:Main.CrawfordCurrie - 12 Oct 2008

This was marked as an urgent bug for 4.2.4. But the fix was only checked into trunk - ie 5.0

It that a mistake or ??

-- TWiki:Main.KennethLavrsen - 13 Oct 2008

Oh, forgot I was supposed to merge. Don't have a 4.2.4 checkout here, will get to it eventually.

Done.

Reverted the merge, cos I merged to the tag instead of the branch. D'oh!

Finally got it right

-- TWiki:Main.CrawfordCurrie - 16 Oct 2008

Reopened. I just found out that when you change ConfigurationLogFile, the entered value will be used by an open(..), and thus barfs on using a tainted value as file path.

-- Foswiki:Main.KoenMartens - 26 Nov 2008