You are viewing a plain text version of this content. The canonical link for it is here.
Posted to modperl@perl.apache.org by Barry Veinotte <ba...@veinotte.com> on 2001/05/03 20:25:45 UTC
Insecure dependency errors
Hi People.
This is a strange problem, and I am not even sure if it is directly related
to mod_perl or not, but since there has been a couple guys on this for a
couple of hours now with no answers, I thought I woud check to see if
anyone has seen such errors:
[Thu May 3 15:06:57 2001] [error] Insecure dependency in open while
running with -T switch at /usr/local/www/vhosts/ad-eagle.com/cgi-bin/ad-eagle/lib/AdEagle.pm line 472.
The scripts using the .pm are running under Apache::Registry and have been running
fine. Then last night a "major" upgrade was done to the servers. Now the scripts are
dying with this error. None of them are running -T I don't think any on the server are,
and know none under Apache::Registry are.
Only Apache::Registry scripts are being affected. Anyone have any ideas as to
where I could start looking?
Thanks, and if it turns out to not be related to mod_perl, I apologize :-)
I am about to suggest reinstalling Perl ...
Barry
_________________________________________________________
Barry Veinotte
Veinotte.com International, Inc.
E-Mail: Barry@veinotte.com
Phone: 709.282.3233
http://www.veinotte.com http://ad-eagle.com http://pass-iton.com
Software isn't released,
it's allowed to escape.
_________________________________________________________
RE: Insecure dependency errors
Posted by Barry Veinotte <ba...@veinotte.com>.
> -----Original Message-----
> From: Stas Bekman [mailto:stas@stason.org]
> Sent: Thursday, May 03, 2001 11:56 PM
> To: Cees Hek
> Cc: Barry Veinotte; modperl@apache.org
> Subject: Re: Insecure dependency errors
>
>
> On Fri, 4 May 2001, Cees Hek wrote:
>
> > On Thu, 3 May 2001, Barry Veinotte wrote:
> >
> > > [Thu May 3 15:06:57 2001] [error] Insecure dependency in open while
> > > running with -T switch at /usr/local/www/vhosts/ad-eagle.com/cgi-bin/ad-eagle/lib/AdEagle.pm line 472.
>
> > > The scripts using the .pm are running under Apache::Registry and have been running
> > > fine. Then last night a "major" upgrade was done to the servers. Now the scripts are
> > > dying with this error. None of them are running -T I don't think any on the server are,
> > > and know none under Apache::Registry are.
>
> > > Only Apache::Registry scripts are being affected. Anyone have any ideas as to
> > > where I could start looking?
>
> % perldoc perlsec
>
> > Check your Apache config files for PerlTaintCheck On, and check all your
> > registry scripts for the -T switch. Also, taint checking is automatically
> > turned on when scripts are run setuid (I don't know if that can affect
> > Registry scripts, but it's probably worth checking the file permissions on
> > all your scripts and modules)
>
> -T doesn't affect mod_perl scripts, only PerlTaintCheck. The same goes for
> setuid, Apache::Registry scripts aren't executed as plain perl scripts.
> Instead they are being read as plain files, placed into the handler()
> function (and the package) and only then executed.
>
> See: http://perl.apache.org/guide/porting.html#Taint_Mode
> _____________________________________________________________________
> Stas Bekman JAm_pH -- Just Another mod_perl Hacker
> http://stason.org/ mod_perl Guide http://perl.apache.org/guide
> mailto:stas@stason.org http://apachetoday.com http://eXtropia.com/
> http://singlesheaven.com http://perl.apache.org http://perlmonth.com/
>
Thanks for the words of wisdom Gents. These errors were not occuring before the
admins did their "major upgrade" so I knew the code was okay. However, after verifying a
few times that there was nothing setuid or containg a -T switch, and wasting a day and a
half on searching for the cause of these senseless errors, I found a fix. REBOOT
I still don't know why mod_perl thought I was throwing a -T at it, but rebooting the
box shook it loose.
Doh!
Barry
Re: Insecure dependency errors
Posted by Stas Bekman <st...@stason.org>.
On Fri, 4 May 2001, Cees Hek wrote:
> On Thu, 3 May 2001, Barry Veinotte wrote:
>
> > [Thu May 3 15:06:57 2001] [error] Insecure dependency in open while
> > running with -T switch at /usr/local/www/vhosts/ad-eagle.com/cgi-bin/ad-eagle/lib/AdEagle.pm line 472.
> > The scripts using the .pm are running under Apache::Registry and have been running
> > fine. Then last night a "major" upgrade was done to the servers. Now the scripts are
> > dying with this error. None of them are running -T I don't think any on the server are,
> > and know none under Apache::Registry are.
> > Only Apache::Registry scripts are being affected. Anyone have any ideas as to
> > where I could start looking?
% perldoc perlsec
> Check your Apache config files for PerlTaintCheck On, and check all your
> registry scripts for the -T switch. Also, taint checking is automatically
> turned on when scripts are run setuid (I don't know if that can affect
> Registry scripts, but it's probably worth checking the file permissions on
> all your scripts and modules)
-T doesn't affect mod_perl scripts, only PerlTaintCheck. The same goes for
setuid, Apache::Registry scripts aren't executed as plain perl scripts.
Instead they are being read as plain files, placed into the handler()
function (and the package) and only then executed.
See: http://perl.apache.org/guide/porting.html#Taint_Mode
_____________________________________________________________________
Stas Bekman JAm_pH -- Just Another mod_perl Hacker
http://stason.org/ mod_perl Guide http://perl.apache.org/guide
mailto:stas@stason.org http://apachetoday.com http://eXtropia.com/
http://singlesheaven.com http://perl.apache.org http://perlmonth.com/
Re: Insecure dependency errors
Posted by Cees Hek <ce...@sitesuite.net>.
On Thu, 3 May 2001, Barry Veinotte wrote:
> [Thu May 3 15:06:57 2001] [error] Insecure dependency in open while
> running with -T switch at /usr/local/www/vhosts/ad-eagle.com/cgi-bin/ad-eagle/lib/AdEagle.pm line 472.
>
> The scripts using the .pm are running under Apache::Registry and have been running
> fine. Then last night a "major" upgrade was done to the servers. Now the scripts are
> dying with this error. None of them are running -T I don't think any on the server are,
> and know none under Apache::Registry are.
>
> Only Apache::Registry scripts are being affected. Anyone have any ideas as to
> where I could start looking?
Check your Apache config files for PerlTaintCheck On, and check all your
registry scripts for the -T switch. Also, taint checking is automatically
turned on when scripts are run setuid (I don't know if that can affect
Registry scripts, but it's probably worth checking the file permissions on
all your scripts and modules)
Cees