Hi Charlie, Thanks for your response.
I'm afraid I don't use the Taint module. It's not even in my @INC so I'm reasonably certain that I'm not using it indirectly either. The fact that there's more than one person running into this issue raises there the chance there is a bug somewhere in mod_perl. I'm just not sure how I can produce a simple test case for this. Like yourself, I've been using my mod_perl setup for some months without any problems. It's only as we've been porting a new page to mod_perl and seeing a higher volume of requests that this has become a visible issue. Like yourself doing a graceful restart calms the issue for a while, but it does return. Mod_perl gurus/developers - any ideas? Sagar > -----Original Message----- > From: Charlie Katz [mailto:[EMAIL PROTECTED] > Sent: 26 March 2007 15:20 > To: modperl@perl.apache.org > Cc: Shah, Sagar: IT (LDN) > Subject: Re: "Insecure dependency in eval while running setgid" error > > Hi, > > I recently ran into a similiar situation, which I asked about > on this list > (message subject "inconsistent taint check results"). > > Do you by any chance "use Taint;" (Taint-0.09) ? I found > that when I stopped > using that, the problem went away. > > Just a guess. > > Regards, > Charlie Katz > > > On Monday 26 March 2007 7:44 am, [EMAIL PROTECTED] wrote: > > I'm getting some quite perplexing behaviour from my > application under > > mod_perl and so far I haven't been able to find the cause > of the issue. > > > > I'm finding that pages which load perfectly fine under > mod_perl most of > > the time, sometimes fail with the error "Insecure dependency in eval > > while running setgid". > > ... > > And the preceding lines untaint $block completely: > > > > # DON'T LOOK NOW! - blindly untainting can make you > go blind! > > $block =~ /(.*)/s; > > $block = $1; > > -- > Charlie Katz > Harvard-Smithsonian Center for Astrophysics > [EMAIL PROTECTED] > ------------------------------------------------------------------------ For more information about Barclays Capital, please visit our web site at http://www.barcap.com. Internet communications are not secure and therefore the Barclays Group does not accept legal responsibility for the contents of this message. Although the Barclays Group operates anti-virus programmes, it does not accept responsibility for any damage whatsoever that is caused by viruses being passed. Any views or opinions presented are solely those of the author and do not necessarily represent those of the Barclays Group. Replies to this email may be monitored by the Barclays Group for operational or business reasons. ------------------------------------------------------------------------
