Hi Perrin, Thanks for your response.
> -----Original Message----- > From: Perrin Harkins [mailto:[EMAIL PROTECTED] > Sent: 26 March 2007 16:12 > To: Shah, Sagar: IT (LDN) > Cc: modperl@perl.apache.org > Subject: Re: "Insecure dependency in eval while running setgid" error > > On 3/26/07, [EMAIL PROTECTED] > <[EMAIL PROTECTED]> wrote: > > The most interesting thing, as I said earlier, is that the > behaviour is > > not consistent. If I hit one mod_perl page many many times then > > eventually I'll get the Insecure Dependency error when I hit a > > completely _separate_ mod_perl page. > > It sounds to me like somewhere in the code you're running, someone is > trying to set the group ID. It wouldn't surprise me at all to find > that some common CPAN module you use breaks taint mode. My > recommendation would be to grep all the code you use in your server > for anything that might be trying to set the group. Thanks for the suggestion. Unfortunately I've found no relevant reference to setgid/gid in my code, my installed cpan code or the CPAN modules that have come bundled with Perl. Of course that's not to say a module I've installed isn't calling some complied c code by way of an xs module that's doing a setgid. > Alternatively, if you can run your server in single-process mode and > come up with a repeatable series of steps that cause the error, you > can work back from the point where you saw the error until you find > the offending code. Yes, httpd -X is a good idea. I should have thought of that before. I'll give that a go and report back to the list. Thanks for everyone's help so far, please do keep the suggestions coming. Regards Sagar > > - Perrin > =ANYTHING+BELOW+THIS+LINE+WAS+ADDED+AFTER+I+HIT+SEND= ------------------------------------------------------------------------ For more information about Barclays Capital, please visit our web site at http://www.barcap.com. Internet communications are not secure and therefore the Barclays Group does not accept legal responsibility for the contents of this message. Although the Barclays Group operates anti-virus programmes, it does not accept responsibility for any damage whatsoever that is caused by viruses being passed. Any views or opinions presented are solely those of the author and do not necessarily represent those of the Barclays Group. Replies to this email may be monitored by the Barclays Group for operational or business reasons. ------------------------------------------------------------------------
