First, thanks a lot for Geoffrey's reply to my previous question.

Here I have a very complicated problem that I want to share with you, and I am seeking some opinions.

I am using RedHat 9.0. Somehow, some of my perl packages could not be made
(the routine perl Makefile.PL generates garbage owing to the character problem)
RedHat was using perl 5.8.0. I remade perl 5.8.4 from source, then reinstalled mod_perl.


One part that is related to this problem is the setgid(). In the process of configuring Perl, the configurator
said my setgid is not secure. I don't remember whether I answered yes or no to simulated setuid.
Because the configurator did not recommend the simulation, I may not have done so.


The following is from the Perl Doc
=======================
suidperl
suidperl is an optional component, which is built or installed by default.
From perlfaq1:

On some systems, setuid and setgid scripts (scripts written
in the C shell, Bourne shell, or Perl, for example, with the
set user or group ID permissions enabled) are insecure due to
a race condition in the kernel. For those systems, Perl versions
5 and 4 attempt to work around this vulnerability with an optional
component, a special program named suidperl, also known as sperl.
This program attempts to emulate the set-user-ID and set-group-ID
features of the kernel.

Because of the buggy history of suidperl, and the difficulty of properly
security auditing as large and complex piece of software as Perl, we cannot
recommend using suidperl and the feature should be considered deprecated. Instead
use for example ’sudo’: http://www.courtesan.com/sudo/
=================================


Perl works fine on my system.
When I run Perl programs through Apache, whenever the program or one of its modules uses Socket.pm,
for example for database connections using sockets, my web application through mod_perl will not work,
giving the following error message:


[Tue Jun 22 11:18:05 2004] [error] 2764: ModPerl::Registry: Insecure dependency
in connect while running setgid at /usr/lib/perl5/5.8.4/i686-linux-thread-multi-ld/IO/Socket.pm line 114.


I solved the problem by
commenting out the taint checking line in httpd.conf:
#PerlTaintCheck On

Now my scripts can run.

This is not a solution to the problem; it is a way around the problem.

My question is what is the solution to this problem?
Do I remake perl with the simulation setgid() option?

I searched the web and did not find a solution to this problem; I just saw that other people have the
same problem.


Kemin
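
The error quoted in the message above is Perl's taint check refusing to pass a tainted value to connect(). The following is an added example, not part of the original post and not mod_perl's own code: it reproduces the failure against a local listener and then connects with values untainted by a validating regex capture. The names untaint_endpoint and try_connect and the host pattern are assumptions made for illustration, and the text after "while running" in the message depends on how taint mode was enabled.

```perl
#!/usr/bin/perl -T
# Run as: perl -T example.pl   (taint mode must be on for the demonstration)
use strict;
use warnings;
use IO::Socket::INET;
use Socket qw(PF_INET SOCK_STREAM inet_aton pack_sockaddr_in);

# Return validated copies of host and port, or an empty list on rejection.
# Regex captures are not tainted, so only values that pass come out clean.
sub untaint_endpoint {
    my ($host, $port) = @_;
    my ($h) = $host =~ /\A((?:\d{1,3}\.){3}\d{1,3}|[A-Za-z0-9][A-Za-z0-9.-]{0,252})\z/
        or return;
    my ($p) = $port =~ /\A(\d{1,5})\z/ or return;
    return if $p < 1 || $p > 65535;
    return ($h, $p);
}

# Attempt a TCP connect; a taint violation is a die, so catch it with eval.
sub try_connect {
    my ($host, $port) = @_;
    socket(my $sock, PF_INET, SOCK_STREAM, 0) or die "socket: $!";
    my $ok = eval { connect($sock, pack_sockaddr_in($port, inet_aton($host))) };
    return $ok ? "connected\n" : "failed: " . ($@ || "$!\n");
}

# Local listener on an ephemeral port so the example runs offline.
my $server = IO::Socket::INET->new(
    Listen => 1, LocalAddr => '127.0.0.1', LocalPort => 0, Proto => 'tcp',
) or die "listen: $!";

# Constructed input: appending a zero-length tainted string taints the value,
# standing in for request or environment data seen under taint checking.
my $TAINT    = substr($^X, 0, 0);
my $raw_host = '127.0.0.1' . $TAINT;
my $raw_port = $server->sockport . $TAINT;

# Tainted values: connect() dies with "Insecure dependency in connect ...".
print "tainted input:   ", try_connect($raw_host, $raw_port);

# Validated values: the same connect() succeeds with taint checking still on.
my ($host, $port) = untaint_endpoint($raw_host, $raw_port)
    or die "endpoint rejected\n";
print "validated input: ", try_connect($host, $port);
```

The pattern in untaint_endpoint is what decides which endpoints are allowed, so it should be as narrow as the application permits; a catch-all such as /(.*)/ clears the taint flag without validating anything.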



