RE: Insecure dependency errors
> -Original Message- > From: Stas Bekman [mailto:[EMAIL PROTECTED]] > Sent: Thursday, May 03, 2001 11:56 PM > To: Cees Hek > Cc: Barry Veinotte; [EMAIL PROTECTED] > Subject: Re: Insecure dependency errors > > > On Fri, 4 May 2001, Cees Hek wrote: > > > On Thu, 3 May 2001, Barry Veinotte wrote: > > > > > [Thu May 3 15:06:57 2001] [error] Insecure dependency in open while > > > running with -T switch at >/usr/local/www/vhosts/ad-eagle.com/cgi-bin/ad-eagle/lib/AdEagle.pm line 472. > > > > The scripts using the .pm are running under Apache::Registry and have been >running > > > fine. Then last night a "major" upgrade was done to the servers. Now the scripts >are > > > dying with this error. None of them are running -T I don't think any on the >server are, > > > and know none under Apache::Registry are. > > > > Only Apache::Registry scripts are being affected. Anyone have any ideas as to > > > where I could start looking? > > % perldoc perlsec > > > Check your Apache config files for PerlTaintCheck On, and check all your > > registry scripts for the -T switch. Also, taint checking is automatically > > turned on when scripts are run setuid (I don't know if that can affect > > Registry scripts, but it's probably worth checking the file permissions on > > all your scripts and modules) > > -T doesn't affect mod_perl scripts, only PerlTaintCheck. The same goes for > setuid, Apache::Registry scripts aren't executed as plain perl scripts. > Instead they are being read as plain files, placed into the handler() > function (and the package) and only then executed. > > See: http://perl.apache.org/guide/porting.html#Taint_Mode > _ > Stas Bekman JAm_pH -- Just Another mod_perl Hacker > http://stason.org/ mod_perl Guide http://perl.apache.org/guide > mailto:[EMAIL PROTECTED] http://apachetoday.com http://eXtropia.com/ > http://singlesheaven.com http://perl.apache.org http://perlmonth.com/ > Thanks for the words of wisdom Gents. These errors were not occuring before the admins did their "major upgrade" so I knew the code was okay. However, after verifying a few times that there was nothing setuid or containg a -T switch, and wasting a day and a half on searching for the cause of these senseless errors, I found a fix. REBOOT I still don't know why mod_perl thought I was throwing a -T at it, but rebooting the box shook it loose. Doh! Barry
Insecure dependency errors
Hi People. This is a strange problem, and I am not even sure if it is directly related to mod_perl or not, but since there has been a couple guys on this for a couple of hours now with no answers, I thought I woud check to see if anyone has seen such errors: [Thu May 3 15:06:57 2001] [error] Insecure dependency in open while running with -T switch at /usr/local/www/vhosts/ad-eagle.com/cgi-bin/ad-eagle/lib/AdEagle.pm line 472. The scripts using the .pm are running under Apache::Registry and have been running fine. Then last night a "major" upgrade was done to the servers. Now the scripts are dying with this error. None of them are running -T I don't think any on the server are, and know none under Apache::Registry are. Only Apache::Registry scripts are being affected. Anyone have any ideas as to where I could start looking? Thanks, and if it turns out to not be related to mod_perl, I apologize :-) I am about to suggest reinstalling Perl ... Barry _____ Barry Veinotte Veinotte.com International, Inc. E-Mail: [EMAIL PROTECTED] Phone: 709.282.3233 http://www.veinotte.com http://ad-eagle.com http://pass-iton.com Software isn't released, it's allowed to escape. _
File handles in mod_perl
Hi Folks,
I received some tips from an admin on a server where I am attempting
to get a program running under mod_perl using Apache::Registry
All was well for a few weeks, and then data files began to be corrupted
again... One of the items that was passed on to me was ( as below) regarding
global variables. I am confident that there are no evil globals left, but I don't
understand ( or don't want to believe ) what he told me about file handles.
> #1. GLOBAL VARIABLES. Most perl programmers neglect to use my for
> every variable type. And even if they can be broken of this bad habit they
> continue to use global globs (as used with the open(FI, " Solution? use the FileHandle module;
> use FileHandle;
>
> then convert code that looks like this:
> open(FI, " my $line=;
> close(FI);
> to this:
> my $fi = new FileHandle " $fi->getline(); # or <$fi>
> $fi->close(); # or ignore it; PERL has garbage collection...
>
> you SHOULD also be able to simply use:
> my *FI;
> but... that looks really silly...
I have read the following in the guide:
::Output of system, exec and open PIPE, "|program" calls will not be sent
::to the browser unless you Perl was configured with sfio.
I am not sending the output to the browser, but opening sendmail like so
open (MAIL, "|$mail_program") || die "Could Not Open Mail Program: $!"; is
not working. That I can work out. However, is this true about regular opens
on files?
I use a lot of basic file opens like so:
open(CUSTOMERS,"<$c{globals}{root_dir}/admin/customers.txt") or die "Can't open the
customers list: $!";
Besides die being a bad thing, is this gentleman right to tell me
I have to loose my file opens and go with FileHandle ??
Any help would be Greatly appreciated.
Frustration is running high on this one.
Thanks,
Barry
RE: Undefined subroutine
I may have found the answer http://perl.apache.org/dist/cgi_to_mod_perl.html the perl version is 5.003 and from what I have read in the guide 5.003 and mod_perl don't make life easy for cgi scripts. Would my problems be taken care of if Perl were upgraded to 5.004 ? Is there any hope of getting things running properly with 5.003? Barry > -Original Message- > From: Barry Veinotte [mailto:[EMAIL PROTECTED]] > Sent: Thursday, December 28, 2000 2:44 PM > To: [EMAIL PROTECTED] > Subject: Undefined subroutine > > > Hi folks, > > I am trying to get a program to run under mod_perl using Apache::Registry > and am getting the following error: > > Undefined subroutine &Apache::ROOT::cgi_2dbin::ads1::ads_2epl::handler > called at /usr/lib/perl5/site_perl/5.005/i386-linux/Apache/Registry.pm line 135. > > I am working with Red Hat Linux 6.2 > > I am totally new to this, and have no idea what this error is telling me. > If someone could point me in the right direction I would greatly appreciate it. > > Thanks, > Barry > > >
Undefined subroutine
Hi folks, I am trying to get a program to run under mod_perl using Apache::Registry and am getting the following error: Undefined subroutine &Apache::ROOT::cgi_2dbin::ads1::ads_2epl::handler called at /usr/lib/perl5/site_perl/5.005/i386-linux/Apache/Registry.pm line 135. I am working with Red Hat Linux 6.2 I am totally new to this, and have no idea what this error is telling me. If someone could point me in the right direction I would greatly appreciate it. Thanks, Barry
