From: "Stas Bekman" Tulan W. Hu wrote:
----- Original Message ----- From: "Stas Bekman"
Please take a look at Apache-Test/lib/Apache/TestConfig.pm
sub open_cmd {
....
it calls untaint_path($ENV{PATH}) in the same file. Please take a look at that function and see if you can fix it.
If you don't figure it out, please apply the patch below and post the console output at the server startup. Thanks.
Thank you for your advice. I do have a long list in the $ENV{PATH}.
If you don't show us what you have in there, we can't fix it. So it's best that you do (feel free to email me offlist if you think that the information in that path is somewhat sensitive). untaint_path is supposed to deal with any path. I guess you have a new case we didn't encounter yet.
I have carefully checked my PATH. I found out the problem is that my PATH contains "/usr/bin:.:/usr/java/bin:$OLDPATH:/usr/local/bin.....", where $OLDPATH was not defined. This became an empty spot, "$path::$other_long_pathes", and caused the security error. You may want to add the case in the untaint_path.
Right. This patch should handle this case. Please confirm that it does. Thanks.
Index: Apache-Test/lib/Apache/TestConfig.pm =================================================================== --- Apache-Test/lib/Apache/TestConfig.pm (revision 148914) +++ Apache-Test/lib/Apache/TestConfig.pm (working copy) @@ -1699,9 +1699,8 @@ ($path) = ( $path =~ /(.*)/ ); # win32 uses ';' for a path separator, assume others use ':' my $sep = WIN32 ? ';' : ':'; - # -T disallows relative directories in the PATH - $path = join $sep, grep !/^\./, split /$sep/, $path; - return $path; + # -T disallows relative and empty directories in the PATH + return join $sep, grep !/^(\.|$)/, split /$sep/, $path; }
sub pop_dir {
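Review bot: The filter `grep !/^(\.|$)/` still lets through relative entries that do not begin with a dot, such as `bin` or `lib/tools`, although the comment directly above it says -T disallows relative directories in the PATH. Consider testing each entry with File::Spec->file_name_is_absolute instead of the leading-dot pattern, which would cover empty, dotted and plain relative entries in one check. If the regex stays, the group does not need to capture, so `(?:\.|$)` is enough.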
It's actually two tests.
Please follow the instructions in this section:
http://perl.apache.org/docs/2.0/user/help/help.html#_C_make_test___Failures
and we will look at it.
Here is the output on errors:
....
ok 4
# send: foobar
# testing : banner
# expected: Welcome to TestProtocol::pseudo_http
# received: Access Denied
# Failed test 5 in t/protocol/pseudo_http.t at line 57
not ok 5
# testing : date
# Failed test 6 in t/protocol/pseudo_http.t at line 63 fail #4
# expected: Available commands: date quit
# received:
not ok 6
# Failed test 7 in t/protocol/pseudo_http.t at line 63 fail #5
# send: date
# testing : quit
# expected: (?-xism:The time is:)
# Failed test 8 in t/protocol/pseudo_http.t at line 57 fail #2
# received:
not ok 7
# send: quit
# testing : end of transmission
# expected: Goodbye
# received:
not ok 8
ok 9
....
Please re-read: http://perl.apache.org/docs/2.0/user/help/help.html#_C_make_test___Failures and try again :) (hint: you didn't supply all the info requested)
-- __________________________________________________________________ Stas Bekman JAm_pH ------> Just Another mod_perl Hacker http://stason.org/ mod_perl Guide ---> http://perl.apache.org mailto:[EMAIL PROTECTED] http://use.perl.org http://apacheweek.com http://modperlbook.org http://apache.org http://ticketmaster.com
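The empty PATH element described in this thread, as an added example that is not part of the original messages and is not Apache-Test code: the hypothetical helper `classify_path` splits a PATH-style string and separates absolute directories from empty and relative entries. The sample PATH is constructed from the one quoted above, with an extra `bin` entry added as an assumption to show a relative entry that has no leading dot.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use File::Spec;

# Hypothetical helper (not Apache-Test's untaint_path): split a PATH-style
# string and sort its entries into absolute directories and everything else.
sub classify_path {
    my ($path, $sep) = @_;
    my (@keep, @dropped);

    # A limit of -1 keeps trailing empty fields, so a trailing separator
    # is reported as an empty entry instead of being silently discarded.
    for my $dir (split /\Q$sep\E/, $path, -1) {
        if ($dir eq '') {
            # An unset variable in "a:$UNSET:b" collapses to "a::b".
            push @dropped, [ $dir, 'empty entry' ];
        }
        elsif (!File::Spec->file_name_is_absolute($dir)) {
            # Covers ".", "..", "./bin" and plain names such as "bin".
            push @dropped, [ $dir, 'relative directory' ];
        }
        else {
            push @keep, $dir;
        }
    }
    return (\@keep, \@dropped);
}

# Constructed sample: the result of expanding
#   /usr/bin:.:/usr/java/bin:$OLDPATH:/usr/local/bin
# with $OLDPATH unset, plus an assumed relative entry "bin".
my $sample = '/usr/bin:.:/usr/java/bin::/usr/local/bin:bin';

my ($keep, $dropped) = classify_path($sample, ':');

print "kept:    ", join(':', @$keep), "\n";
printf "dropped: '%s' (%s)\n", @$_ for @$dropped;
```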