John Peacock wrote:
Pascal Dreissen wrote:
@40000000430f887620ab0f5c 2470 FATAL PLUGIN ERROR: Insecure
dependency in exec while running with -T switch at
./plugins/queue/qmail-queue line 106, <STDIN> line 11.
You haven't given us much to go on. What version of Perl are you
running? Are you passing the location of qmail-queue on the
config/plugins line?
v5.8.0
Yes,
queue/qmail-queue /var/qmail/bin/qmail-queue
Here is where the code is failing (with the significant few lines before):
    # Untaint $self->{_queue_exec}
    my $queue_exec = $self->{_queue_exec};
    if ($queue_exec =~ /^(\/[\/\-\_\.a-z0-9A-Z]*)$/) {
        $queue_exec = $1;
    } else {
        $self->log(LOGERROR, "FATAL ERROR: Unexpected characters in qmail-queue plugin argument");
        # This exit is ok as we're exiting a forked child process.
        exit 3;
    }
    ....skip...
==> my $rc = exec $queue_exec;
which _should_ work (barring something strange in your system). You
might want to add the following directly after the first block above (at
line 95 for example).
    # tainted() is not exported by default, so import it by name
    use Scalar::Util qw(tainted);
    $self->log(LOGEMERG, "queue_exec still tainted!")
        if tainted($queue_exec);
HTH
John
Ok, I am not a Perl programmer, so this stuff is way over my head. I
don't have the slightest idea what tainted means or even sanitised.
How come this happens on my new system, where it didn't on my old one?
Thanks for your help!
Grtz,
Pascal!
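
As an added example (not part of the thread and not the plugin's own code): a stand-alone Perl script, run with `perl -T`, that shows what the untaint block quoted above does to a value and how `Scalar::Util::tainted` reports it. The helper name `untaint_path`, the `$TAINT` marker and the two rejected sample paths are assumptions constructed for the illustration.

```perl
# Added example: run as `perl -T taint_demo.pl`. Sample values are constructed.
use strict;
use warnings;
use Scalar::Util qw(tainted);   # tainted() must be imported by name

die "run with: perl -T $0\n" unless ${^TAINT};

# Zero-length tainted string; appending it taints a value without changing it.
# $0 and $^X come from outside the program, so Perl marks them tainted under -T.
my $TAINT = substr("$0$^X", 0, 0);

# Same pattern as the plugin excerpt: an absolute path made of / - _ . a-z A-Z 0-9.
# Taking the regex capture ($1) is how a program declares data checked and clean.
sub untaint_path {
    my ($path) = @_;
    return $path =~ m{^(/[/\-_.a-z0-9A-Z]*)$} ? $1 : undef;
}

my @cases = (
    '/var/qmail/bin/qmail-queue',   # value from the config/plugins line
    '/var/qmail/bin/qmail queue',   # constructed: a space is not allowed
    'qmail-queue',                  # constructed: not an absolute path
);

for my $raw (@cases) {
    my $configured = $raw . $TAINT;     # simulate a value read from a config file
    my $clean      = untaint_path($configured);
    printf "%-30s input tainted=%d  ", "'$raw'", tainted($configured) ? 1 : 0;
    if (defined $clean) {
        printf "accepted, result tainted=%d\n", tainted($clean) ? 1 : 0;
    } else {
        print "rejected (the plugin would log the error and exit 3)\n";
    }
}

# Matching without using the capture leaves the taint flag in place:
my $configured = '/var/qmail/bin/qmail-queue' . $TAINT;
my $still = $configured =~ m{^/[/\-_.a-z0-9A-Z]*$} ? $configured : undef;
printf "matched but not captured: tainted=%d\n", tainted($still) ? 1 : 0;
```

Only the first case is accepted and comes back with `tainted=0`; the last line prints `tainted=1`, which is the state the suggested `LOGEMERG` check is meant to catch.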