Hi Perrin, 

> -----Original Message-----
> From: Perrin Harkins [mailto:[EMAIL PROTECTED] 
> Sent: 30 March 2007 14:27
> To: Shah, Sagar: IT (LDN)
> Cc: [EMAIL PROTECTED]; modperl@perl.apache.org; Client 
> Research Development
> Subject: Re: "Insecure dependency in eval while running setgid" error
> 
> On 3/30/07, [EMAIL PROTECTED]
> <[EMAIL PROTECTED]> wrote:
> > I did this yesterday along with the other debugging. 
> Unfortunately there
> > doesn't seem to be a sequence of hits. The child process could have
> > served multiple hits to the page in question or none at all.
> 
> You need the sequence this child followed on ALL requests since it was
> spawned, not just the ones from one specific page.

We did do, the change we made was to the log format in the httpd.conf so
we have the pid for every single access log entry.

What we found is that sometimes the problem would occur with httpd
processes that had served nothing other than this page and static
content (gifs, js files etc.) . In other cases the httpd process had
served cgi scripts and our other mod_perl page, but I don't think the
other mod_perl page or the forked cgi's are relevant given that there
are instances where only static content has been served.  Is that a fair
conclusion to make?

As well as the access pid logging and the error log debugging we trussed
the httpd, and while I'm no expert at reading truss and have very little
C knowledge I couldn't spot anything untoward going on in terms of
system calls.
------------------------------------------------------------------------
For more information about Barclays Capital, please visit our web site at 
http://www.barcap.com.

Internet communications are not secure and therefore the Barclays Group does 
not accept legal responsibility for the contents of this message.  Although the 
Barclays Group operates anti-virus programmes, it does not accept 
responsibility for any damage whatsoever that is caused by viruses being 
passed.  Any views or opinions presented are solely those of the author and do 
not necessarily represent those of the Barclays Group.  Replies to this email 
may be monitored by the Barclays Group for operational or business reasons.
------------------------------------------------------------------------

Reply via email to