Craig A. Berry wrote:
If the problem only happened when building extensions then, yes, there would be a simple workaround. However, to my knowledge, I am not violating any tainting rules. For example, something as simple as the following will abort simply because the process issuing it owns a subsystem rights identifier:At 8:36 PM -0600 3/18/07, Mark Berryman wrote:Craig A. Berry wrote:A protected subsystem identifier can trigger tainting more or less like running with -T on the command line.That was the ticket. The process on the malfunctioning system has a protected subsystem rights identifier that does not exist on the working system. That being the case, what is the fix? Removing that rights identifier is not really an option.If what you are doing is building extensions, then perhaps you could build and install them using a different account from the one that has the subsystem identifier. You might still run into trouble running scripts, but there is really no way around that without either following the tainting rules or hacking out the security model. Read more about tainting in perlsec.pod.
$ perl -"MExtUtils::Installed" -e -
_$ "$m=ExtUtils::Installed->new(); print join qq{\n}, $m->modules();"
Insecure dependency in chdir while running with -T switch at
/perl_root/lib/File/Find.pm line 832.
%RMS-E-DNF, directory not found -NONAME-W-NOMSG, Message number 00000000Delete that rights identifier (which is not in any way used or referenced by the above command) and the command executes without issue. This sounds like a bug in Perl to me. I get random aborts when running perl scripts and it turns out to be caused by whether or not the user running the script has been granted a subsystem rights identifier. I can't delete the rights but I do need the perl scripts to work.
Mark Berryman
