On Wed, Oct 25, 2006 at 05:44:26PM +0200, Urban Hillebrand wrote:
> > > (3) This is probably to early to report, as I have not yet been able to
> > > reproduce this problem. Has anyone had problems with policyd-weight and
> > > perl taint checking?
>
> Well, ok, the thing is, we did not change your script in any way to turn it
> on!
I believe that now.
> Could some error in the config file have led to this? Right now they are like
> this:
Yes. You must have something in your configfile which makes perl choke on
that file.
I have figured out what exactly causes this behaviour:
Background: some versions of suse didn't implement the perl POSIX module
correctly. As such we switched from dropping privileges via POSIX module
to $<, $>, $( and $).
Now this raises another issue (mainly due to a not obvious documented perl
feature):
If we set $< then perl turns on taint mode.
We could do $<=$>=n - but that is non-portable.
I am about to fix that taint issue by making it taint-safe.
Stay tuned, I will release a 0.1.13 beta-16 today.
(meanwhile you can double check your config file for syntax errors or bogus
characters).
--
Robert Felber (PGP: 896CF30B)
Munich, Germany
____________________________________________________________
Policyd-weight Mailinglist - http://www.policyd-weight.org/
