Am Freitag, 7. Juli 2006 19:08 schrieb Philip M. Gollucci:
> Heiko Weber wrote:
> > Sure, I know what "perl taint" is ... so somewhere in my own written
> > cgi-code I must use a taited variable. But how to find the line of code ?
> > In the errorlog there only the above line, no more deeper/detailed info.
> > I didn't find a way to detect the place where I didn't check parameter
> > from CGI - and there are a lot of lines ...
>
> Try adding to a startup.pl
> use Carp;
> $SIG{__DIE__} = sub { confess shift };
> $SIG{__WARN__} = \&Carp::cluck;
Hi Philip,
thanks for the hint. I added a <Perl>-section in httpd.conf:
<Perl>
use Carp;
$SIG{__DIE__} = sub { confess shift };
$SIG{__WARN__} = \&Carp::cluck;
</Perl>
Hope, this is the same as a startup.pl
Now I got the following in errorlog:
[Thu Jul 13 17:43:09 2006] [error] [client xx.xx.xx.xx]
Insecure dependency in eval while running setgid
at /usr/local/lib/perl5/site_perl/5.8.7/mach/ModPerl/RegistryCooker.pm line
676.
at /usr/local/etc/apache2/httpd.conf line 1061
(unknown)('Insecure dependency in eval while running setgid at /usr/loca...')
called at /usr/local/lib/perl5/site_perl/5.8.7/mach/ModPerl/RegistryCooker.pm
line 676
ModPerl::RegistryCooker::compile('ModPerl::Registry=HASH(0xb71f2d8)',
'SCALAR(0xb68e2a8)')
called at /usr/local/lib/perl5/site_perl/5.8.7/mach/ModPerl/RegistryCooker.pm
line 405
ModPerl::RegistryCooker::convert_script_to_compiled_handler('ModPerl::Registry=HASH(0xb71f2d8)')
called at /usr/local/lib/perl5/site_perl/5.8.7/mach/ModPerl/RegistryCooker.pm
line 162
ModPerl::RegistryCooker::default_handler('ModPerl::Registry=HASH(0xb71f2d8)')
called at /usr/local/lib/perl5/site_perl/5.8.7/mach/ModPerl/Registry.pm line
30
ModPerl::Registry::handler('ModPerl::Registry',
'Apache2::RequestRec=SCALAR(0xb68dcd8)')
called at -e line 0\n\teval {...} called at -e line 0
Line 1061 is the $SIG{__DIE__} in httpd.conf.
Any idea ? Move $SIG ... into startup.pl ?
Heiko
smime.p7s
Description: S/MIME cryptographic signature
