Ken Williams wrote:
>
> On Sunday, April 28, 2002, at 01:47 PM, Stas Bekman wrote:
>
>> Ken, CWD.pm, has always suffered from taint problems. This problem has
>> been fixed in the bleadperl, try this patch:
>>
>> --- /tmp/Cwd.pm Sun Apr 28 11:44:38 2002
>> +++ /home/stas/perl.org/perl-5.6.1/lib/Cwd.pm Fri Sep 14 17:09:10 2001
>> @@ -89,7 +89,6 @@
>> # The 'natural and safe form' for UNIX (pwd may be setuid root)
>>
>> sub _backtick_pwd {
>> - local @ENV{qw(PATH IFS CDPATH ENV BASH_ENV)};
>> my $cwd = `pwd`;
>> # `pwd` may fail e.g. if the disk is full
>> chomp($cwd) if defined $cwd;
>
>
> This still fails, because it won't find `pwd` without a path.
it does solve the problem on linux. Ken, can you test the bleadperl?
This fix was applied as a solution. If `pwd` doesn't work for you, that
sucks! Meaning that the problem wasn't fixed in bleadperl :( Can you
check the recent Cwd thread on p5p (started by me) and try running cwd.t
under -T?
> If I also
> do "$ENV{PATH} = '/bin';" after that, the server gets farther before
> failing (this is with a fully static build - I'm giving up on APACI for
> now, I get link errors there). Now I get this error in t/logs/error_log:
>
> ============
> Insecure dependency in eval while running with -T switch.
> Callback called exit.
> ============
>
> Doesn't exactly tell me where to start looking for the error, anyone
> have hints? The above is the entire contents of the log.
Doug has started fixing this problem, but didn't finish. See:
http://marc.theaimsgroup.com/?t=101880934700003&r=1&w=2
__________________________________________________________________
Stas Bekman JAm_pH ------> Just Another mod_perl Hacker
http://stason.org/ mod_perl Guide ---> http://perl.apache.org
mailto:[EMAIL PROTECTED] http://use.perl.org http://apacheweek.com
http://modperlbook.org http://apache.org http://ticketmaster.com
