On Mon, 2019-02-25 at 11:08 +0800, service wrote:
> exec head -n 1 bin/* libexec/* in nfsen 1.3.8, did not find any -T. Any
> other point was missing.
>  
> [root@localhost nfsen1.3.8]# head -n1 bin/* libexec/*
[... no "-T" flags in any shebangs ...]

Well something makes Perl run with -T set. The specific "system" call
that starts nfsend is in libexec/NfSenRC.pm line 237. It executes the
"nfsend" script in "$BINDIR" from nfsen.conf. It's just a regular
execution where the operating system takes care of finding the correct
interpreter et cetera.

Perl will automatically enable taint checking if the real and effective
user or group IDs are different. Any chance the files have setuid
enabled and are owned by someone other than root?

  cd ~nfsen/
  fgrep -Zl "bin/perl" bin/* libexec/* | xargs -0 ls -l

Are there any lines where the permissions have "s" in them? They should
just be "-rwxr-xr-x." (0755) all of them after a regular install. Here
is an example of how it shouldn't look:

 -rwxr-xr-x. 1 root apache 18378 Jan 14 16:13 libexec/NfSenRRD.pm
 -rwsr-sr-x. 1 root apache 10211 Jan 14 16:13 libexec/Nfsources.pm
    ^  ^ 

-- 
Peter
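
The check described in the message above, as reusable shell functions. This is an added example, not part of the original message or of NfSen; the function names are illustrative, and it assumes file names without embedded newlines.

```shell
#!/bin/sh
# Added example (not from the original message): flag Perl files whose
# setuid/setgid bits would make real and effective IDs differ at run time.
#
# Usage after sourcing, from the NfSen install directory:
#   find_suid_perl bin libexec

# Print the path of every regular file under the given directories that has
# the setuid (4000) or setgid (2000) bit set and contains "bin/perl",
# the same match the fgrep in the message uses.
find_suid_perl() {
    find "$@" -type f \( -perm -4000 -o -perm -2000 \) -print |
    while IFS= read -r f; do      # assumes no newlines in file names
        if grep -qF "bin/perl" "$f"; then
            printf '%s\n' "$f"
        fi
    done
}

# Number of flagged files; 0 is what a regular install should give.
count_suid_perl() {
    find_suid_perl "$@" | wc -l | tr -d ' '
}

# Reset flagged files to 0755, the mode the message gives for a regular
# install, and report each file that was changed.
reset_suid_perl() {
    find_suid_perl "$@" | while IFS= read -r f; do
        chmod 0755 "$f" && printf 'reset: %s\n' "$f"
    done
}
```

Run `find_suid_perl` first and review the list with `ls -l` before calling `reset_suid_perl`.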




_______________________________________________
Nfsen-discuss mailing list
https://lists.sourceforge.net/lists/listinfo/nfsen-discuss