You are viewing a plain text version of this content. The canonical link for it is here.

Posted to modperl@perl.apache.org by Barry Veinotte <ba...@veinotte.com> on 2001/05/03 20:25:45 UTC

Insecure dependency errors

Hi People.

This is a strange problem, and I am not even sure if it is directly related
to mod_perl or not, but since there has been a couple guys on this for a
couple of hours now with no answers, I thought I woud check to see if 
anyone has seen such errors:

[Thu May  3 15:06:57 2001] [error] Insecure dependency in open while 
running with -T switch at /usr/local/www/vhosts/ad-eagle.com/cgi-bin/ad-eagle/lib/AdEagle.pm line 472.

The scripts using the .pm are running under Apache::Registry and have been running
fine. Then last night a "major" upgrade was done to the servers. Now the scripts are
dying with this error. None of them are running -T   I don't think any on the server are,
and know none under Apache::Registry are.

Only Apache::Registry scripts are being affected. Anyone have any ideas as to 
where I could start looking?

Thanks, and if it turns out to not be related to mod_perl, I apologize :-)
I am about to suggest reinstalling Perl ...

Barry

_________________________________________________________
Barry Veinotte
Veinotte.com International, Inc.
E-Mail: Barry@veinotte.com
Phone: 709.282.3233
http://www.veinotte.com http://ad-eagle.com http://pass-iton.com

Software isn't released,  
			it's allowed to escape.
_________________________________________________________

RE: Insecure dependency errors

Posted by Barry Veinotte <ba...@veinotte.com>.

> -----Original Message-----
> From: Stas Bekman [mailto:stas@stason.org]
> Sent: Thursday, May 03, 2001 11:56 PM
> To: Cees Hek
> Cc: Barry Veinotte; modperl@apache.org
> Subject: Re: Insecure dependency errors 
> 
> 
> On Fri, 4 May 2001, Cees Hek wrote:
> 
> > On Thu, 3 May 2001, Barry Veinotte wrote:
> >
> > > [Thu May  3 15:06:57 2001] [error] Insecure dependency in open while
> > > running with -T switch at /usr/local/www/vhosts/ad-eagle.com/cgi-bin/ad-eagle/lib/AdEagle.pm line 472.
> 
> > > The scripts using the .pm are running under Apache::Registry and have been running
> > > fine. Then last night a "major" upgrade was done to the servers. Now the scripts are
> > > dying with this error. None of them are running -T   I don't think any on the server are,
> > > and know none under Apache::Registry are.
> 
> > > Only Apache::Registry scripts are being affected. Anyone have any ideas as to
> > > where I could start looking?
> 
> % perldoc perlsec
> 
> > Check your Apache config files for  PerlTaintCheck On, and check all your
> > registry scripts for the -T switch.  Also, taint checking is automatically
> > turned on when scripts are run setuid (I don't know if that can affect
> > Registry scripts, but it's probably worth checking the file permissions on
> > all your scripts and modules)
> 
> -T doesn't affect mod_perl scripts, only PerlTaintCheck. The same goes for
> setuid, Apache::Registry scripts aren't executed as plain perl scripts.
> Instead they are being read as plain files, placed into the handler()
> function (and the package) and only then executed.
> 
> See: http://perl.apache.org/guide/porting.html#Taint_Mode
> _____________________________________________________________________
> Stas Bekman              JAm_pH     --   Just Another mod_perl Hacker
> http://stason.org/       mod_perl Guide  http://perl.apache.org/guide
> mailto:stas@stason.org   http://apachetoday.com http://eXtropia.com/
> http://singlesheaven.com http://perl.apache.org http://perlmonth.com/
> 

 Thanks for the words of wisdom Gents. These errors were not occuring before the 
admins did their "major upgrade" so I knew the code was okay. However, after verifying a
few times that there was nothing setuid or containg a -T switch, and wasting a day and a
half on searching for the cause of these senseless errors,  I found a fix.  REBOOT

I still don't know why mod_perl thought I was throwing a  -T  at it, but rebooting the 
box shook it loose.

	Doh!

Barry

Re: Insecure dependency errors

Posted by Stas Bekman <st...@stason.org>.

On Fri, 4 May 2001, Cees Hek wrote:

> On Thu, 3 May 2001, Barry Veinotte wrote:
>
> > [Thu May  3 15:06:57 2001] [error] Insecure dependency in open while
> > running with -T switch at /usr/local/www/vhosts/ad-eagle.com/cgi-bin/ad-eagle/lib/AdEagle.pm line 472.

> > The scripts using the .pm are running under Apache::Registry and have been running
> > fine. Then last night a "major" upgrade was done to the servers. Now the scripts are
> > dying with this error. None of them are running -T   I don't think any on the server are,
> > and know none under Apache::Registry are.

> > Only Apache::Registry scripts are being affected. Anyone have any ideas as to
> > where I could start looking?

% perldoc perlsec

> Check your Apache config files for  PerlTaintCheck On, and check all your
> registry scripts for the -T switch.  Also, taint checking is automatically
> turned on when scripts are run setuid (I don't know if that can affect
> Registry scripts, but it's probably worth checking the file permissions on
> all your scripts and modules)

-T doesn't affect mod_perl scripts, only PerlTaintCheck. The same goes for
setuid, Apache::Registry scripts aren't executed as plain perl scripts.
Instead they are being read as plain files, placed into the handler()
function (and the package) and only then executed.

See: http://perl.apache.org/guide/porting.html#Taint_Mode
_____________________________________________________________________
Stas Bekman              JAm_pH     --   Just Another mod_perl Hacker
http://stason.org/       mod_perl Guide  http://perl.apache.org/guide
mailto:stas@stason.org   http://apachetoday.com http://eXtropia.com/
http://singlesheaven.com http://perl.apache.org http://perlmonth.com/

Re: Insecure dependency errors

Posted by Cees Hek <ce...@sitesuite.net>.

On Thu, 3 May 2001, Barry Veinotte wrote:

> [Thu May  3 15:06:57 2001] [error] Insecure dependency in open while 
> running with -T switch at /usr/local/www/vhosts/ad-eagle.com/cgi-bin/ad-eagle/lib/AdEagle.pm line 472.
> 
> The scripts using the .pm are running under Apache::Registry and have been running
> fine. Then last night a "major" upgrade was done to the servers. Now the scripts are
> dying with this error. None of them are running -T   I don't think any on the server are,
> and know none under Apache::Registry are.
> 
> Only Apache::Registry scripts are being affected. Anyone have any ideas as to 
> where I could start looking?

Check your Apache config files for  PerlTaintCheck On, and check all your
registry scripts for the -T switch.  Also, taint checking is automatically
turned on when scripts are run setuid (I don't know if that can affect
Registry scripts, but it's probably worth checking the file permissions on
all your scripts and modules)

Cees