> A similar odd taint problem (still unresolved) came up for someone
> using Apache::ASP. You might have "PerlTaintCheck On" set
> somewhere in an apache configuration file, or you might have
> something like a precompiled RedHat distribution where they
> were kind enough (sarcasm) to auto-enable taint check, and you
> will have to explicitly turn it off with "PerlTaintCheck Off".
>
> I don't know the "real" answer to your problem, as I don't see
> $ENV{PATH} being referenced anywhere in your above code.
Joshua, please no offenses, but you have just suggested to open a possible
security hole. Taintness problems shouldn't be solved by closing eyes on
them... please read the perlsec manpage and a very cool guide by Gunther
Birznieks http://www.gunther.web66.com/FAQS/taintmode.html
For whoever reads this, if you didn't hear about PerlTaintCheck or -T (in
plain perl), you better check the above URL and the man page. Since it can
be too late when someone breaks in, no kidding!!!
BTW, if you want very related, teaching and fun reading of breakin
transcript! The mod_perl didn't let the hacker in... but some stupid
CGI... http://hispahack.ccc.de/en/mi019en.htm
Pepi, please use the "Subject" field, this in a non-optional field! Don't
expect a good anwer if at all, many of us with thousands emails a day,
don't read emails with no subject! Thank you!
> If you do have a RedHat mod_perl RPM, and get other odd errors
> in the future, you might consider compiling mod_perl and Apache
> yourself, as it seems to be the general cure for these problems.
That's good idea :) As someone on the list said, if you don't know to
build a mod_perl from the sources, you don't know mod_perl :)
(No flaming wars please, I'm for RPMs, but it seems that most of the
problems reported on the list lately are somehow related to RPMs or DEBs)
Peace!
_______________________________________________________________________
Stas Bekman mailto:[EMAIL PROTECTED] www.singlesheaven.com/stas
Perl,CGI,Apache,Linux,Web,Java,PC at www.singlesheaven.com/stas/TULARC
www.apache.org & www.perl.com == www.modperl.com || perl.apache.org
single o-> + single o-+ = singlesheaven http://www.singlesheaven.com
