At 8:36 PM -0600 3/18/07, Mark Berryman wrote: >Craig A. Berry wrote: >> A protected subsystem >>identifier can trigger tainting more or less like running with -T on >>the command line. >> >That was the ticket. The process on the malfunctioning system has a protected >subsystem rights identifier that does not exist on the working system. That >being the case, what is the fix? Removing that rights identifier is not >really an option.
If what you are doing is building extensions, then perhaps you could build and install them using a different account from the one that has the subsystem identifier. You might still run into trouble running scripts, but there is really no way around that without either following the tainting rules or hacking out the security model. Read more about tainting in perlsec.pod. -- ________________________________________ Craig A. Berry mailto:[EMAIL PROTECTED] "... getting out of a sonnet is much more difficult than getting in." Brad Leithauser