Hi Clinton,

Thanks for your input :)

> -----Original Message-----
> From: Clinton Gormley [mailto:[EMAIL PROTECTED]
> Sent: 30 March 2007 16:50
> To: Shah, Sagar: IT (LDN)
> Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED]; modperl@perl.apache.org; Client Research Development
> Subject: RE: "Insecure dependency in eval while running setgid" error
>
> I may have missed your reply somewhere in the thread, but Robert Landrum
> asked the question about whether this happens only in children that have
> respawned, and I haven't seen you comment about it.

I think I remember saying that so far I've only been testing after graceful restarts (so what I would assume you call respawned children).

> It may be worth adding a call to Apache2::ServerUtil::restart_count()
> into the debugging statement.
>
> If this does only happen on higher generation children, then it might be
> that some untainted variable is skipping an untainting process in a
> BEGIN block (or something like that).
>
> This is a guess, but is probably worth excluding (and easy to do so)

Indeed, we should see if the original children of the parent httpd process suffer from this process. I'll get the guys in my team to try this also. The untainting itself however happens just before the error is thrown, so I think it's more about establishing in precisely which conditions the m// operator loses its ability to untaint and coming up with the most trivial demonstration of that we can.

Sagar
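A standalone probe for the two suggestions in this message (log the server generation, and find the smallest case where an m// capture is still tainted), added here as an example and not code from anyone in the thread. The sample input and the sub names are constructed; `use re 'taint'` appears only as one documented condition under which captures stay tainted, not as a diagnosis of the reported error.

```perl
#!/usr/bin/perl -T
# Added example. Run as: perl -T taint_probe.pl
use strict;
use warnings;
use Scalar::Util qw(tainted);

die "taint mode is off; run with perl -T\n" unless ${^TAINT};

# Constructed sample input: a literal made tainted by appending a
# zero-length slice of $^X, which is tainted under -T.
my $input = 'report_2007.txt' . substr($^X, 0, 0);

# Ordinary untainting: a capture from a successful match is clean.
sub capture_default {
    my ($value) = @_;
    my ($clean) = $value =~ /\A([A-Za-z0-9_.-]+)\z/;
    return $clean;
}

# Same pattern, but with "use re 'taint'" in lexical scope the capture
# keeps the taint of the string it was matched against.
sub capture_re_taint {
    use re 'taint';
    my ($value) = @_;
    my ($still_tainted) = $value =~ /\A([A-Za-z0-9_.-]+)\z/;
    return $still_tainted;
}

# Server generation under mod_perl 2, 'n/a' when run from the shell.
sub generation {
    return 'n/a' unless $ENV{MOD_PERL};
    my $count = eval {
        require Apache2::ServerUtil;
        Apache2::ServerUtil::restart_count();
    };
    return defined $count ? $count : 'n/a';
}

# One debug line per value: pid, generation, and whether it is tainted.
sub report {
    my ($label, $value) = @_;
    warn sprintf "[pid %d gen %s] %-22s tainted=%d\n",
        $$, generation(), $label, tainted($value) ? 1 : 0;
}

report('raw input',            $input);
report('m// capture',          capture_default($input));
report("m// under re 'taint'", capture_re_taint($input));
```

Calling the same `report` lines from a handler lets the taint state of each capture be compared between first-generation and restarted children.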