On Sun, 2 Jul 2000, Michael Blakeley wrote:
> This is just plain weird. My last resort was to turn taint off:
>
> $ ls -l logs/httpd.pid
> -rw-rw-rw- 1 root other 6 Jul 2 19:23 logs/httpd.pid
> $ grep -i taint conf/httpd.conf
> #PerlTaintCheck On
> $ ls -l conf/httpd.conf
> -rw-r--r-- 1 root other 7437 Jul 2 17:22 conf/httpd.conf
>
> I'm not including any sort of startup.pl file. So taint is off, right?
Is the script running setuid or setgid? If the script's real and effective
uids or gids don't match, perl enables taint mode automatically. You might
add some debugging code to verify that $< == $> and $( == $).
- Matt
