In testargs.t in Test::Harness, don't run a world-writable file.

The test writes a file, then changes the mode, then executes it. The file needs
to be +x to be executable (on many platforms). The file will need to be +w to
be deletable on some platforms. But setting the file world writable just before
running it feels like a bad idea, given that the file's name is as predictable
as process IDs, as there's a race condition to break into the account running
perl's tests.

diff --git a/cpan/Test-Harness/t/testargs.t b/cpan/Test-Harness/t/testargs.t
index cfbdd58..4fba591 100644 (file)
--- a/cpan/Test-Harness/t/testargs.t
+++ b/cpan/Test-Harness/t/testargs.t
@@ -59,7 +59,7 @@ sub make_shell_test {
         print $sh "#!$shell\n\n";
         print $sh "$^X '$test' \$*\n";
     }
-    chmod 0777, $script;
+    chmod 0775, $script;
     return unless -x $script;
     return [ shell => $script ];
 }