RE: Insecure dependency errors

Barry Veinotte Fri, 04 May 2001 13:42:53 -0700

> -----Original Message-----
> From: Stas Bekman [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, May 03, 2001 11:56 PM
> To: Cees Hek
> Cc: Barry Veinotte; [EMAIL PROTECTED]
> Subject: Re: Insecure dependency errors 
> 
> 
> On Fri, 4 May 2001, Cees Hek wrote:
> 
> > On Thu, 3 May 2001, Barry Veinotte wrote:
> >
> > > [Thu May  3 15:06:57 2001] [error] Insecure dependency in open while
> > > running with -T switch at 
>/usr/local/www/vhosts/ad-eagle.com/cgi-bin/ad-eagle/lib/AdEagle.pm line 472.
> 
> > > The scripts using the .pm are running under Apache::Registry and have been 
>running
> > > fine. Then last night a "major" upgrade was done to the servers. Now the scripts 
>are
> > > dying with this error. None of them are running -T   I don't think any on the 
>server are,
> > > and know none under Apache::Registry are.
> 
> > > Only Apache::Registry scripts are being affected. Anyone have any ideas as to
> > > where I could start looking?
> 
> % perldoc perlsec
> 
> > Check your Apache config files for  PerlTaintCheck On, and check all your
> > registry scripts for the -T switch.  Also, taint checking is automatically
> > turned on when scripts are run setuid (I don't know if that can affect
> > Registry scripts, but it's probably worth checking the file permissions on
> > all your scripts and modules)
> 
> -T doesn't affect mod_perl scripts, only PerlTaintCheck. The same goes for
> setuid, Apache::Registry scripts aren't executed as plain perl scripts.
> Instead they are being read as plain files, placed into the handler()
> function (and the package) and only then executed.
> 
> See: http://perl.apache.org/guide/porting.html#Taint_Mode
> _____________________________________________________________________
> Stas Bekman              JAm_pH     --   Just Another mod_perl Hacker
> http://stason.org/       mod_perl Guide  http://perl.apache.org/guide
> mailto:[EMAIL PROTECTED]   http://apachetoday.com http://eXtropia.com/
> http://singlesheaven.com http://perl.apache.org http://perlmonth.com/
> 

 Thanks for the words of wisdom Gents. These errors were not occuring before the 
admins did their "major upgrade" so I knew the code was okay. However, after verifying 
a
few times that there was nothing setuid or containg a -T switch, and wasting a day and 
a
half on searching for the cause of these senseless errors,  I found a fix.  REBOOT

I still don't know why mod_perl thought I was throwing a  -T  at it, but rebooting the 
box shook it loose.

        Doh!

Barry
RE: Insecure dependency errors

Reply via email to
