On Mon, Jun 27, 2005 at 04:00:36PM +0200, Mark Martinec wrote:
>
> > After that I got it "working", but ended up with this error:
> >
> > Jun 27 01:34:41 xyz amavis[18246]: [ID 702911 mail.warning] (18246-01)
> > WARN save_info_final: Insecure dependency in parameter 1 of
> > DBI::db=HASH(0x1612700)->prepare method call while running with -T switch
> > at /usr/local/perl/lib/site_perl/5.8.6/sun4-solaris/DBD/Pg.pm line 281,
> > <GEN8> line 98.
> 
> Hm, don't know. The parameter 1 in ->prepare is a SQL clause, which
> comes from a hash %sql_clause via the %current_policy_bank (routine cr).
> In sub execute (line 9412) the prepare is called. The clause string
> shouldn't be tainted, and MySQL DBD/DBI is not complaining, so I'm not
> sure how/why the DBD/Pg.pm sees the argument as tainted.
> 
> At log level 4 you could see a log entry like:
>   sql: preparing and executing: $clause
> 
> You may try experimenting with the following test log entry:
> 
> --- amavisd~    Sun Jun 26 01:44:02 2005
> +++ amavisd     Mon Jun 27 15:58:00 2005
> @@ -9420,2 +9420,10 @@
>      do_log(4,"sql: preparing and executing: $clause");
> +
> +use Scalar::Util ();
> +do_log(0, "HERE1: prepare $clause, ".
> +          (Scalar::Util::tainted($clause) ? "TAINTED" : "not tainted"));
> +do_log(0, "HERE2: prepare arg: $_, ".
> +          (Scalar::Util::tainted($_) ? "TAINTED" : "not tainted")
> +      ) for (@args);
> +
>      $sth = $self->dbh->prepare($clause); $self->sth($clause,$sth);
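
Review bot: The HERE1 and HERE2 lines call `do_log(0, ...)`, so while this patch is applied every prepared clause and every value in `@args` is written to the log unconditionally, whatever the bind values contain. The unchanged line above already logs `$clause` at level 4; consider using that level for the new lines too, or remove them once the test is done. In the HERE2 line an undefined element of `@args` would interpolate as an empty string and can raise an "uninitialized" warning, which `defined $_ ? $_ : 'undef'` avoids.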

Everything was "not tainted".

I can get stuff working if I change to 'Taint => 0' in amavisd DBI->connect.
Is this safe to do?

Cheers,
Henrik
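
As an added illustration (not part of the original messages and not amavisd code): a stand-alone Perl script, run with `perl -T`, that generalizes the HERE1/HERE2 check from the thread into a helper reporting which prepare/execute inputs carry the taint flag, then untaints one value by validated capture. The `%sql_clause` contents, `$mail_id`, and the helpers `tainted_inputs` and `untaint` are constructed for this example.

```perl
#!/usr/bin/perl -T
# Added illustration, not amavisd code. Run as: perl -T taint_demo.pl
use strict;
use warnings;
use Scalar::Util qw(tainted);

# Zero-length string built from process-supplied values; appending it
# marks a constructed sample as tainted without changing its text.
my $TAINT = substr($0 . $^X, 0, 0);
die "run with perl -T\n" unless ${^TAINT} && tainted($TAINT);

# Constructed stand-ins for a clause table and one bind argument.
my %sql_clause;
$sql_clause{sel_policy} = 'SELECT * FROM policy WHERE id=?';
$sql_clause{ins_msg}    = "INSERT INTO msgs$TAINT (mail_id) VALUES (?)";
my $mail_id = "abc123$TAINT";

# Return labels for the inputs (clause first, then bind args) that are
# tainted. Works on @_ directly so each value is tested as passed in.
sub tainted_inputs {
    my @bad;
    for my $i (0 .. $#_) {
        next unless tainted($_[$i]);
        push @bad, $i == 0 ? 'clause' : 'arg[' . ($i - 1) . ']';
    }
    return @bad;
}

# Untaint by returning a capture from a strict pattern; undef on mismatch.
sub untaint {
    my ($value, $re) = @_;
    if (defined $value && $value =~ $re) {
        return $1;
    }
    return undef;
}

for my $name (sort keys %sql_clause) {
    my @bad = tainted_inputs($sql_clause{$name}, $mail_id);
    printf "%-10s tainted: %s\n", $name, @bad ? "@bad" : 'none';
}

my $clean_id = untaint($mail_id, qr/\A([A-Za-z0-9]+)\z/);
print "mail_id after validation: ",
      (tainted($clean_id) ? 'TAINTED' : 'not tainted'), "\n";
```

A clause built by interpolating even one tainted piece is tainted as a whole, which is why the helper checks the clause separately from the bind arguments.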


_______________________________________________
AMaViS-user mailing list
AMaViS-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/