Re: Building mod-perl 2 for cygwin: taint cleanup

2003-02-19 Thread Stas Bekman
[splitting the thread in two] Stas Bekman wrote: Steve Baldwin wrote: I've got Apache2 installed and as far as I can tell, it is functional. I'm trying to build mod-perl from source (as I couldn't find any binaries for cygwin). When I initially ran the command : perl Makefile.PL

Re: Tracking down taint problems

2001-06-14 Thread Doug MacEachern
On Tue, 24 Apr 2001, Jamie Krasnoo wrote: I recently got this error: Insecure dependency in eval while running with -T switch. Callback called exit. Now, yes that tells me that something is wrong. What it doesn't tell me is where the problem is except for the fact that it's somewhere in

RE: Tracking down taint problems

2001-06-14 Thread Rob Bloodgood
if you can reproduce at will, use gdb:
% gdb httpd
(gdb) source mod_perl-x.xx/.gdbinit
(gdb) b Perl_croak
(gdb) run -X
run request that causes error ...
(gdb) where
stack printed here ...
(gdb) curinfo
perl filename:linenumber printed here ...

RE: Tracking down taint problems

2001-06-14 Thread Doug MacEachern
On Thu, 14 Jun 2001, Rob Bloodgood wrote: Seriously, tho, do you think you could come up with a short list of definitions for those macros? I was pretty excited to see them, once, except that I couldn't make them work. sigh Even a comment w/ a usage: AvFILL(address) most of them (the C

Tracking down taint problems

2001-04-24 Thread Jamie Krasnoo
I recently got this error: Insecure dependency in eval while running with -T switch. Callback called exit. Now, yes that tells me that something is wrong. What it doesn't tell me is where the problem is except for the fact that it's somewhere in the current module that's being run. Is there a

Re: Tracking down taint problems

2001-04-24 Thread Stas Bekman
On Tue, 24 Apr 2001, Jamie Krasnoo wrote: I recently got this error: Insecure dependency in eval while running with -T switch. Callback called exit. Now, yes that tells me that something is wrong. What it doesn't tell me is where the problem is except for the fact that it's somewhere in

RE: Taint

2000-10-03 Thread ricarDo oliveiRa
I hope this can help you: http://www.gunther.web66.com/FAQS/taintmode.html --Original Message-- From: "Herrington, Jack" [EMAIL PROTECTED] To: "'[EMAIL PROTECTED]'" [EMAIL PROTECTED] Sent: October 2, 2000 5:23:51 PM GMT Subject: RE: Taint 4) How do I check the

RE: Taint

2000-10-03 Thread ricarDo oliveiRa
I hope this can help you: http://www.gunther.web66.com/FAQS/taintmode.html --Original Message-- From: "Herrington, Jack" [EMAIL PROTECTED] To: "'[EMAIL PROTECTED]'" [EMAIL PROTECTED] Sent: October 2, 2000 5:23:51 PM GMT Subject: RE: Taint 4) How do I check the

RE: Taint

2000-10-03 Thread Gunther Birznieks
Thanks. :) Although I am not sure if this will help the person in question... I think that persistent Perl seems to run into some odd/interesting issues where taint mode is triggered in some odd ways. I've never encountered it myself but I've heard from others that there is some weird stuff

Taint

2000-10-02 Thread Herrington, Jack
A couple of questions about taint checking. 1) What is the default taint check setting? 2) Does compiling mod_perl with EVERYTHING=1 make a difference to the taint setting? 3) Does 'PerlTaintCheck Off' actually work? 4) How do I check the taint setting at run-time from a perl handler? Thanks

RE: Taint

2000-10-02 Thread Geoffrey Young
-Original Message- From: Herrington, Jack [mailto:[EMAIL PROTECTED]] Sent: Monday, October 02, 2000 12:59 PM To: '[EMAIL PROTECTED]' Subject: Taint A couple of questions about taint checking. 1) What is the default taint check setting? off 2) Does compiling mod_perl

RE: Taint

2000-10-02 Thread Herrington, Jack
4) How do I check the taint setting at run-time from a perl handler? I'm not sure that you can. PerlTaintCheck On or Off applies to all perl scripts/handlers... see http://perl.apache.org/guide/porting.html#Taint_Mode The problem that I am having is that I am getting taint errors in mason

RE: Taint

2000-10-02 Thread Vivek Khera
"HJ" == Herrington, Jack [EMAIL PROTECTED] writes: HJ Is there a way to enable and disable taint checking at run-time? No; taint mode is a Perl compile time decision.

RE: Taint

2000-10-02 Thread Herrington, Jack
Compile-time? You mean, when I compile Perl 5.6 I can permanently disable taint checking? -Original Message- From: Vivek Khera [mailto:[EMAIL PROTECTED]] Sent: Monday, October 02, 2000 11:04 AM To: Herrington, Jack Cc: '[EMAIL PROTECTED]' Subject: RE: Taint "HJ" == Herrin

RE: Taint

2000-10-02 Thread Geoffrey Young
no, the other compile time :) see camel 3rd ed chapter 18 for compile v run-time distinctions, esp p467 --Geoff -Original Message- From: Herrington, Jack [mailto:[EMAIL PROTECTED]] Sent: Monday, October 02, 2000 2:05 PM To: 'Vivek Khera' Cc: '[EMAIL PROTECTED]' Subject: RE: Taint

RE: Taint

2000-10-02 Thread Vivek Khera
"HJ" == Herrington, Jack [EMAIL PROTECTED] writes: HJ Compile-time? You mean, when I compile Perl 5.6 I can permanently disable HJ taint checking? No, when your perl code is compiled, just prior to it being run.

Re: further adventures with taint

2000-09-27 Thread Doug MacEachern
On Mon, 4 Sep 2000, Michael Blakeley wrote: I've been running with AP616 and Taint On for three days now, and it seems to have fixed my problems. I hope so. I really hope so. still looking good? would be good to know if this isn't a problem on the mod_perl side :)

Re: further adventures with taint

2000-09-27 Thread Michael Blakeley
At 11:52 AM -0700 9/27/2000, Doug MacEachern wrote: On Mon, 4 Sep 2000, Michael Blakeley wrote: I've been running with AP616 and Taint On for three days now, and it seems to have fixed my problems. I hope so. I really hope so. still looking good? would be good to know if this isn't

Re: further adventures with taint

2000-09-04 Thread Michael Blakeley
with PerlTaintCheck on, and I've read perlsec. My PATH is ''. How can I find out where this insecure dependency _is_, so I can turn taint back on? The timestamp tells me which script failed, and it uses a whole slew of modules. use strict; use Apache::Constants qw/:http/; use

Re: further adventures with taint

2000-07-26 Thread Jeremy Howard
I see intermittent Apache error_log entries like: [Mon Jul 24 04:08:02 2000] [error] Insecure dependency in require while running with -T switch at (eval 85) line 3. ... I suspect MIME::Lite, but the code won't work if I remove it Yes, MIME::Lite needs special treatment to be taint-safe

Re: further adventures with taint

2000-07-26 Thread Michael Blakeley
, MIME::Lite needs special treatment to be taint-safe. Get the latest version from CPAN, then do a 'perldoc taint'. I submitted a patch to the author which he has documented, that enables a taint-safe mode. cpan i MIME::Lite Module id = MIME::Lite DESCRIPTION Single module for composing

Re: further adventures with taint

2000-07-26 Thread Jeremy Howard
I'm only passing scalar text to MIME::Lite - no file attachments, so it shouldn't open(). Anyway, if it were, why don't I see "Insecure dependency in open" instead of "...in require"? Yes, good point. The open() is only used for sendmail, not for Net::SMTP anyway. Perhaps you need to add

further adventures with taint

2000-07-25 Thread Michael Blakeley
ad perlsec. My PATH is ''. How can I find out where this insecure dependency _is_, so I can turn taint back on? The timestamp tells me which script failed, and it uses a whole slew of modules. use strict; use Apache::Constants qw/:http/; use LWP; use tuner;

Re: bogus taint error?

2000-07-03 Thread Michael Blakeley
At 10:49 AM -0500 7/3/2000, Matt Carothers wrote: On Sun, 2 Jul 2000, Michael Blakeley wrote: This is just plain weird. My last resort was to turn taint off:
$ ls -l logs/httpd.pid
-rw-rw-rw- 1 root other 6 Jul 2 19:23 logs/httpd.pid
$ grep -i taint conf/httpd.conf

Re: bogus taint error?

2000-07-03 Thread Michael Blakeley
m seeing intermittent taint errors like [Sat Jul 1 18:50:13 2000] [error] PerlRun: `Insecure dependency in require while running with -T switch at /foo.pl line 5. MB This is just plain weird. My last resort was to turn taint off: I've had to do that on a production server as well. The development

Re: bogus taint error?

2000-07-03 Thread Vivek Khera
"MB" == Michael Blakeley [EMAIL PROTECTED] writes: box *used* to work fine with taint checks, and then suddenly one day decided to stop working. MB What platform and version of perl do you use? Perhaps there's a MB correlation. Perl 5.004_04 on BSD/OS 4.0, and perl 5.005_02 on S

bogus taint error?

2000-07-02 Thread Michael Blakeley
With perl 5.6.0, Solaris 2.6, apache 1.3.9, and mod_perl 1.24, I'm seeing intermittent taint errors like [Sat Jul 1 18:50:13 2000] [error] PerlRun: `Insecure dependency in require while running with -T switch at /foo.pl line 5. head -6 foo.pl shows: #!perl use Apache::Constants qw/:http

Re: bogus taint error?

2000-07-02 Thread Michael Blakeley
At 2:00 PM -0700 7/2/2000, Michael Blakeley wrote: With perl 5.6.0, Solaris 2.6, apache 1.3.9, and mod_perl 1.24, I'm seeing intermittent taint errors like [Sat Jul 1 18:50:13 2000] [error] PerlRun: `Insecure dependency in require while running with -T switch at /foo.pl line 5. head -6 foo.pl

Re: bogus taint error?

2000-07-02 Thread Gunther Birznieks
There is a remote possibility (I would have to test this at work) that your command-line testing will never show a taint problem. Because you are typing all the Perl commands in STDIN, and because STDIN is, by its very definition, tainted, you get a security paradox and Perl may be turning off

Re: bogus taint error?

2000-07-02 Thread Michael Blakeley
At 3:37 PM -0700 7/2/2000, Michael Blakeley wrote: At 2:00 PM -0700 7/2/2000, Michael Blakeley wrote: With perl 5.6.0, Solaris 2.6, apache 1.3.9, and mod_perl 1.24, I'm seeing intermittent taint errors like [Sat Jul 1 18:50:13 2000] [error] PerlRun: `Insecure dependency in require while

Re: bogus taint error?

2000-07-02 Thread Gunther Birznieks
, Michael Blakeley wrote: With perl 5.6.0, Solaris 2.6, apache 1.3.9, and mod_perl 1.24, I'm seeing intermittent taint errors like [Sat Jul 1 18:50:13 2000] [error] PerlRun: `Insecure dependency in require while running with -T switch at /foo.pl line 5. This is just plain weird. My last resort

Re: Missed a taint check

2000-01-16 Thread Gunther Birznieks
( FH, $page ) ) Why didn't that open() trigger a taint error? Tainting only triggers on write, not on read. Yeah, but suppose $page contains 'rm -r /* |'. That could be bad news. open() can do lots of stuff besides reading. Then it's not a read and the tainting rules apply. -j

RE: Bad server, Bad server, down boy! (was RE: Hey, that ain't tainted, is it?)

2000-01-11 Thread John Walker
-Original Message- From: Stas Bekman [mailto:[EMAIL PROTECTED]] Sent: Tuesday, January 11, 2000 11:28 AM To: John Walker Cc: '[EMAIL PROTECTED]' Subject: Re: Bad server, Bad server, down boy! (was RE: Hey, that ain't tainted, is it?) [...] I think it's your perl, try to rebuild