On Thu, 17 Aug 2000, Dave Jenkins wrote:
> I'd appreciate some help with a nasty little intermittent problem.
>
> I'm running...
> Apache/1.3.9 (Unix) mod_perl/1.21 mod_ssl/2.4.9 OpenSSL/0.9.4
> on a SuSE 6.2 box (2.2.10 kernel)
>
> Mostly everything is fine, but now and then the following error appears. When
> it does, it occurs every few requests, so presumably infects one or two of the
> running Apache processes. It's cured by a restart (until the next time it
> happens!)
> ----------------------------------------------------
> [error] Insecure dependency in require while running with -T switch at <blah>
> ----------------------------------------------------
> The relevant line in <blah> is a 'use' statement, such as
> use Time::Local 'timegm';
Hmm, did you read the perlsec manpage?
It suggests the following cure:
$ENV{'PATH'} = '/bin:/usr/bin';
delete @ENV{'IFS', 'CDPATH', 'ENV', 'BASH_ENV'};
Give it a try.
Also there is a Taint.pm module on CPAN but I don't see how it should help
here. Apparently some code in Time::Local is not taint-clean.
> I tried to find whether the problem was due to something dodgey getting into
> @INC, by running the test script inctest.cgi, attached (is_tainted function
> lifted from Camel book). If I run this after getting the above error message,
> it indicates that every element of @INC is tainted.
>
> I've looked at the "@INC and mod_perl" page in the guide. In httpd.conf I have
> PerlTaintCheck On and I'm not setting PERL5LIB. My startup.pl doesn't do
> anything with 'use lib'.
>
> Thanks in advance for any advice,
>
> Dave
> --
> Dave Jenkins
> Silk New Media
>
_____________________________________________________________________
Stas Bekman JAm_pH -- Just Another mod_perl Hacker
http://stason.org/ mod_perl Guide http://perl.apache.org/guide
mailto:[EMAIL PROTECTED] http://apachetoday.com http://jazzvalley.com
http://singlesheaven.com http://perlmonth.com perl.org apache.org
