Randal L. Schwartz wrote:
>>"Jonathan" == Jonathan Vanasco <[EMAIL PROTECTED]> writes:
>
>
> Jonathan> Randal didn't raise an report an new security threat -- he re-
> Jonathan> categorized an active bug discussion as a security threat.
>
> Just for the record, I'm now clear (thanks to new
> "Jonathan" == Jonathan Vanasco <[EMAIL PROTECTED]> writes:
Jonathan> Randal didn't raise an report an new security threat -- he re-
Jonathan> categorized an active bug discussion as a security threat.
Just for the record, I'm now clear (thanks to new information) that I handled
this poorly
On Monday 26 March 2007, Anthony Gardner wrote:
> This is MP2 ... actually RHE 1.99. We have compiled a test MP2 but
> still get seg faults.
Ah, that's possibly not actually MP2. RH shipped a pre-release version of MP,
and there were a lot of changes and bug fixes after that point (includ
On 3/26/07, William A. Rowe, Jr. <[EMAIL PROTECTED]> wrote:
Careful with FUD, threading by definition is lighter weight than processes,
although the older Linux threads certainly didn't measure up.
We're not talking about Linux threads or apache threaded MPMs in
general here. The issue is Perl
On Mar 26, 2007, at 12:25 PM, Perrin Harkins wrote:
That's easy to say in this specific case, since the actual threat is
so tiny that it didn't make much difference. You guys probably
wouldn't think it was such a good idea if it had been a more serious
exploit and someone had used it to compro
Nothing means .. not working. It's not entering the called script.
As for $r, the $self is actually a WWW::Utils package and some of the routines
within that package call on Apache->request when running under MP. Nothing gets
stored.
I know the called CGI script is passed $r but I thoug
Perrin Harkins wrote:
> On 3/26/07, Frank Wiles <[EMAIL PROTECTED]> wrote:
>> > Further, what success have people had using threading with mod_perl2,
>> > using MPM_WORKER?
>>
>>Other than for some testing of modules I haven't found a need to use
>>either the threaded or worker MPMs.
>
> I
This is MP2 ... actually RHE 1.99. We have compiled a test MP2 but
still get seg faults.
Am not at work now but will look at this further tomorrow.
Torsten Foertsch <[EMAIL PROTECTED]> wrote: On Monday 26 March 2007 17:51,
Anthony Gardner wrote:
> As for the $r, it's coming from Apac
Perrin Harkins wrote:
On 3/26/07, Torsten Foertsch <[EMAIL PROTECTED]> wrote:
switch to mp2. It's much more stable.
I'm not aware of any stability issues in mp1. Switch to mp2 if you
want the new features. You don't need to switch for stability.
In addition to new features, there is a spee
On 3/26/07, Torsten Foertsch <[EMAIL PROTECTED]> wrote:
switch to mp2. It's much more stable.
I'm not aware of any stability issues in mp1. Switch to mp2 if you
want the new features. You don't need to switch for stability.
- Perrin
> > Alternatively, if you can run your server in single-process mode and
> > come up with a repeatable series of steps that cause the error, you
> > can work back from the point where you saw the error until you find
> > the offending code.
>
>
> Yes, httpd -X is a good idea. I should have thou
On 3/26/07, Frank Wiles <[EMAIL PROTECTED]> wrote:
> Further, what success have people had using threading with mod_perl2,
> using MPM_WORKER?
Other than for some testing of modules I haven't found a need to use
either the threaded or worker MPMs.
I'd second that. The general advice is
On 3/26/07, Robert Landrum <[EMAIL PROTECTED]> wrote:
Despite the (perceived) violation of protocol, Randal's message did
light a fire under the asses of a lot of mod_perl developers, and made
known a potential security issue. I'd say that's mission accomplished.
That's easy to say in this spe
On 3/26/07, Anthony Gardner <[EMAIL PROTECTED]> wrote:
The script is running under ModPerlRegistry but nothing is happening.
What's your definition of "nothing" in this case?
So, am I right in now thinking, because my cgi script gets wrapped by a
handler, it's considered a content handler?
On Monday 26 March 2007 17:51, Anthony Gardner wrote:
> As for the $r, it's coming from Apache->request()
So, it's mp1 then. Set PerlSendHeader to On then try the approach given in my
previous mail. I don't know for sure because I have switched to mp2 several
years ago.
> but we are
> experi
On 3/26/07, Torsten Foertsch <[EMAIL PROTECTED]> wrote:
Not entirely true, a CGI script (mod_cgid?) can generate an internal redirect
saying
Status: 200
Location: /path/to/other.html
Both mod_cgi and mod_cgid contain this code:
if (location && location[0] == '/' && r->status == 200) {
The script is running under ModPerlRegistry but nothing is happening. After
posting this problem, I read that internal_redirect can only be called from a
content handler.
So, am I right in now thinking, because my cgi script gets wrapped by a
handler, it's considered a content handler? If so
On Monday 26 March 2007 16:57, Perrin Harkins wrote:
> On 3/26/07, Anthony Gardner <[EMAIL PROTECTED]> wrote:
> > Can I only use internal_redirect in handlers or is it possible to use it
> > within a cgi script calling another cgi script?
>
> If by "CGI script" you mean something running ModPerl::R
Chris Shiflett wrote:
That's a weak defense. If you're a proponent of full disclosure, say so,
but don't use ignorance as your defense in the same email where you
claim to not be a "dumb guy."
I am a dumb guy, and I would have done the exact same thing Randal did.
I just don't think about s
On Fri, 23 Mar 2007 17:06:18 -0400
Jason Rosenberg <[EMAIL PROTECTED]> wrote:
> I'm just wondering what the mod_perl intelligentsia thinks about the
> choice between using mod_perl1 vs. mod_perl2
>
> Is there a reason not to go with the newer mod_perl2 (and Apache2, of
> course). Is it stable
Hi Perrin,
Thanks for your response.
> -Original Message-
> From: Perrin Harkins [mailto:[EMAIL PROTECTED]
> Sent: 26 March 2007 16:12
> To: Shah, Sagar: IT (LDN)
> Cc: modperl@perl.apache.org
> Subject: Re: "Insecure dependency in eval while running setgid" error
>
> On 3/26/07, [EMAI
On 3/26/07, [EMAIL PROTECTED]
<[EMAIL PROTECTED]> wrote:
The most interesting thing, as I said earlier, is that the behaviour is
not consistent. If I hit one mod_perl page many many times then
eventually I'll get the Insecure Dependency error when I hit a
completely _separate_ mod_perl page.
It
On 3/26/07, Anthony Gardner <[EMAIL PROTECTED]> wrote:
Can I only use internal_redirect in handlers or is it possible to use it
within a cgi script calling another cgi script?
If by "CGI script" you mean something running ModPerl::Registry, then
yes, it works fine. If you mean a perl program c
Hi Charlie,
Thanks for your response.
I'm afraid I don't use the Taint module. It's not even in my @INC so I'm
reasonably certain that I'm not using it indirectly either.
The fact that there's more than one person running into this issue
raises there the chance there is a bug somewhere in mod_p
Answering my own question . yes, it can only be called from content
handlers.
But any advice on how I can achieve the same result from within cgi scripts
would be great.
Thank you.
Anthony Gardner <[EMAIL PROTECTED]> wrote: Can I only use internal_redirect in
handlers or is it possible
Hi,
I recently ran into a similar situation, which I asked about on this list
(message subject "inconsistent taint check results").
Do you by any chance "use Taint;" (Taint-0.09) ? I found that when I stopped
using that, the problem went away.
Just a guess.
Regards,
Charlie Katz
On Mon
Can I only use internal_redirect in handlers or is it possible to use it within
a cgi script calling another cgi script? All the docs I've seen have used
handlers . I want to do something different ;)
As you know, OK has to be returned immediately after the internal_redirect so
that's te
I did. I was able to look it up using the short name, and the FQDN.
Anyway, I had to go with another solution (mod_auth_kerb)
On 3/25/07, Aaron Browne <[EMAIL PROTECTED]> wrote:
I am pretty sure the NONCE error occurs when the domain controller names
cannot be resolved. Did you try nslookup etc
Joshua Hoblitt wrote:
> It seems that compat.pm isn't 'use strict' clean even though it is
> declaring this pragma.
>
> # Error: Bareword "Apache2::ServerUtil::server_root" not allowed
> while "strict subs" in use at
> /usr/lib/perl5/site_perl/5.8.8/i686-linux/Apache2/compat.pm line 347,
> lin
Hi All,
I'm getting some quite perplexing behaviour from my application under
mod_perl and so far I haven't been able to find the cause of the issue.
I'm finding that pages which load perfectly fine under mod_perl most of
the time, sometimes fail with the error "Insecure dependency in eval
while