[users@httpd] Problems w/ suExec

["Stine, Matt" <Ma...@stjude.org>]

Hello all.  I'm attempting to configure the web application PISE for use
on our Linux cluster.  For those of you not familiar w/ the program, it
builds web interfaces to common bioinformatics applications through XML.
These web UI's are implemented in perl CGI.
 
I have built C wrappers for these applications so that I can setuid to
the user who submitted the job for accounting purposes.  I'm
continuously getting the following error message to STDERR:
 
Insecure $ENV{PATH} while running setuid at
/home/web/html/Pise/tmp/revseq/A26756106797792/script line 121.
 
My first question would be:  Is this an error message related to suExec?
 
My second question: If so, what should I be looking at to address this
problem?
 
Thanks!
 
Matt Stine
Software Engineer
Hartwell Center for Bioinformatics and Biotechnology
St. Jude Children's Research Hospital
332 N. Lauderdale St.
Memphis, TN 38105
901.495.4602
901.495.5108 Fax
901.495.3578 #1314 Pager
matt.stine@stjude.org <ma...@stjude.org> 
 

Re: [users@httpd] Problems w/ suExec

[André Malo <nd...@perlig.de>]

* "Stine, Matt" <Ma...@stjude.org> wrote:

> Insecure $ENV{PATH} while running setuid at
> /home/web/html/Pise/tmp/revseq/A26756106797792/script line 121.
>  
> My first question would be:  Is this an error message related to suExec?

No. It's from perl, which was started in taint-checking mode. In this mode you
have to set ENV{PATH} to a fixed and trusted value (besides other things). See
`perldoc perlsec` for details.

nd

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org