You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@spamassassin.apache.org by pgndev <pg...@gmail.com> on 2016/06/14 18:17:53 UTC

sa-update taint-mode error: "Insecure dependency in require while running with -T switch at ..."?

I've installed a new instance of SA

    spamassassin -V
        SpamAssassin version 3.4.1
          running on Perl version 5.18.2

    module_info Mail::SpamAssassin Mail::SPF
        Name:        Mail::SpamAssassin
        Version:     3.004001
        Directory:   /usr/lib/perl5/site_perl/5.18.2
        File:        /usr/lib/perl5/site_perl/5.18.2/Mail/SpamAssassin.pm
        Core module: no

When I exec

    sa-update -D

it fails

    Insecure dependency in require while running with -T switch at
/usr/lib/perl5/site_perl/5.18.2/Net/DNS/Resolver/Base.pm line 570.
    BEGIN failed--compilation aborted at
/usr/lib/perl5/site_perl/5.18.2/Net/DNS/Resolver/Base.pm line 570.
    Compilation failed in require at
/usr/lib/perl5/site_perl/5.18.2/base.pm line 100.
            ...propagated at /usr/lib/perl5/site_perl/5.18.2/base.pm line 109.
    BEGIN failed--compilation aborted at
/usr/lib/perl5/site_perl/5.18.2/Net/DNS/Resolver/UNIX.pm line 18.
    Compilation failed in require at
/usr/lib/perl5/site_perl/5.18.2/base.pm line 100.
            ...propagated at /usr/lib/perl5/site_perl/5.18.2/base.pm line 109.
    BEGIN failed--compilation aborted at
/usr/lib/perl5/site_perl/5.18.2/Net/DNS/Resolver.pm line 22.
    Compilation failed in require at
/usr/lib/perl5/site_perl/5.18.2/Net/DNS.pm line 51.
    Compilation failed in require at /usr/bin/sa-update line 84.
    BEGIN failed--compilation aborted at /usr/bin/sa-update line 84.

changing

    edit /usr/bin/sa-update
-        #!/usr/bin/perl -T -w
+        #!/usr/bin/perl -w

avoids the problem, but doesn't fix it.

There's lots of old posts re: taint-mode issues; Did not find one yet re: this.

Known issue?  Fix available?

Or, need to simply remove the "-T" flag?

Re: sa-update taint-mode error: "Insecure dependency in require while running with -T switch at ..."?

Posted by pgndev <pg...@gmail.com>.

Sounds like the perl-bug fix(es) are preferred to any
'ArchiveIterator.pm' monkeying.

I've taken up the issue in a distro bug.

Thx for the reference/link!

Re: sa-update taint-mode error: "Insecure dependency in require while running with -T switch at ..."?

Posted by Mark Martinec <Ma...@ijs.si>.

On 2016-06-14 20:17, pgndev wrote:
> I've installed a new instance of SA
> 
>     spamassassin -V
>         SpamAssassin version 3.4.1
>           running on Perl version 5.18.2
> 
>     module_info Mail::SpamAssassin Mail::SPF
>         Name:        Mail::SpamAssassin
>         Version:     3.004001
>         Directory:   /usr/lib/perl5/site_perl/5.18.2
>         File:        
> /usr/lib/perl5/site_perl/5.18.2/Mail/SpamAssassin.pm
>         Core module: no
> 
> When I exec
>     sa-update -D
> 
> it fails
> 
>     Insecure dependency in require while running with -T switch at
> /usr/lib/perl5/site_perl/5.18.2/Net/DNS/Resolver/Base.pm line 570.
>     BEGIN failed--compilation aborted at
> /usr/lib/perl5/site_perl/5.18.2/Net/DNS/Resolver/Base.pm line 570.
>     Compilation failed in require at
> /usr/lib/perl5/site_perl/5.18.2/base.pm line 100.
>             ...propagated at /usr/lib/perl5/site_perl/5.18.2/base.pm 
> line 109.
>     BEGIN failed--compilation aborted at
> /usr/lib/perl5/site_perl/5.18.2/Net/DNS/Resolver/UNIX.pm line 18.
>     Compilation failed in require at
> /usr/lib/perl5/site_perl/5.18.2/base.pm line 100.
>             ...propagated at /usr/lib/perl5/site_perl/5.18.2/base.pm 
> line 109.
>     BEGIN failed--compilation aborted at
> /usr/lib/perl5/site_perl/5.18.2/Net/DNS/Resolver.pm line 22.
>     Compilation failed in require at
> /usr/lib/perl5/site_perl/5.18.2/Net/DNS.pm line 51.
>     Compilation failed in require at /usr/bin/sa-update line 84.
>     BEGIN failed--compilation aborted at /usr/bin/sa-update line 84.
> 
> changing
> 
>     edit /usr/bin/sa-update
> -        #!/usr/bin/perl -T -w
> +        #!/usr/bin/perl -w
> 
> avoids the problem, but doesn't fix it.
> 
> There's lots of old posts re: taint-mode issues; Did not find one yet 
> re: this.
> 
> Known issue?  Fix available?
> 
> Or, need to simply remove the "-T" flag?


Removing a "-T" flag is merely a dirty temporary workaround.

The "Insecure dependency in require" (note the "in require")
is something that shouldn't normally be possible. It is likely
due to one of the perl bugs [perl #122669] or [perl #123880]
affecting perl 5.18, fixed in perl 5.20.2 and later.

See:
   https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7140

There may be a workaround for your case, but as I can't reproduce
it, you are on your own.

   Mark