Posted to modperl@perl.apache.org by Carl Brewer <ca...@bl.echidna.id.au> on 2003/02/28 02:09:48 UTC
mp2: works with NetBSD? was Re: mp2: anyone got mp2 and apache 2.0.44
working on any version of OpenBSD?
As no-one seems interested in this after a few weeks,
I'm considering NetBSD ... anyone got mod_perl2 and apache2
running nicely on NetBSD 1.6? That's my next-choice
O/S for my application, but I don't have a testbed yet to
play with.
Carl
Carl Brewer wrote:
>
> Scanning both dev.modperl and here, I've found a couple of
> mails concerning OpenBSD and mod_perl 2 (1.99_08) with Apache 2.0.44,
> I've tried a few quick hacks and have been unable to get it working
> either, with the same error as seen on :
>
> http://mathforum.org/epigone/modperl/sponggrunlim/3E4047B1.9060001@stason.org
>
>
> I'm using perl 5.8.0 on OpenBSD 2.9, but the same error crops
> up. Has anyone been able to get it to run? (it seems to work
> well on SunOS 5.8 with the same apache & perl versions)
>
> Carl
>
>
Re: [error] Insecure dependency in unlink while running with -T switch at /usr/lib/perl5/site_perl/5.6.0/Apache/Session/Store/File.pm line 106
Posted by Martin Moss <Ma...@btinternet.com>.
Thanks mate,
Will re-examine the drawing board......
Marty
----- Original Message -----
From: "Perrin Harkins" <pe...@elem.com>
To: "Martin Moss" <ma...@btinternet.com>
Cc: "Cees Hek" <ce...@sitesuite.com.au>; <mo...@perl.apache.org>
Sent: Friday, February 28, 2003 2:52 PM
Subject: Re: [error] Insecure dependency in unlink while running
with -T switch at
/usr/lib/perl5/site_perl/5.6.0/Apache/Session/Store/File.pm line 106
> On Fri, 2003-02-28 at 09:10, Martin Moss wrote:
> > I can't use Apache::DBI.
> > I have multiple database connections, which are authenticated for different
> > users.
>
> You're pretty much screwed then on the database front.
>
> > I just wanted to
> > reduce the database lookups.
>
> If you just want to cache data, don't use Apache::Session for that. Use
> IPC::MM, Cache::Mmap, Cache::FileCache, or MLDBM::Sync.
>
> - Perrin
>
>
Re: [error] Insecure dependency in unlink while running with -T switch at /usr/lib/perl5/site_perl/5.6.0/Apache/Session/Store/File.pm line 106
Posted by Perrin Harkins <pe...@elem.com>.
On Fri, 2003-02-28 at 09:10, Martin Moss wrote:
> I can't use Apache::DBI.
> I have multiple database connections, which are authenticated for different
> users.
You're pretty much screwed then on the database front.
> I just wanted to
> reduce the database lookups.
If you just want to cache data, don't use Apache::Session for that. Use
IPC::MM, Cache::Mmap, Cache::FileCache, or MLDBM::Sync.
- Perrin
Re: [error] Insecure dependency in unlink while running with -T switch at /usr/lib/perl5/site_perl/5.6.0/Apache/Session/Store/File.pm line 106
Posted by Martin Moss <Ma...@btinternet.com>.
heheheh,
I can't use Apache::DBI.
I have multiple database connections, which are authenticated for different
users. Am wondering whether to bother with the persistence at all, I can
retrieve all the data I need out of the database anyway, I just wanted to
reduce the database lookups. Especially as I could be operating on 100's of
records.
I was using Apache::Session to generate session IDs and allow me to timeout
users etc...
Marty
----- Original Message -----
From: "Perrin Harkins" <pe...@elem.com>
To: "Martin Moss" <ma...@btinternet.com>
Cc: "Cees Hek" <ce...@sitesuite.com.au>; <mo...@perl.apache.org>
Sent: Friday, February 28, 2003 2:03 PM
Subject: Re: [error] Insecure dependency in unlink while running
with -T switch at /usr/lib/perl5/site_perl/5.6.0/Apache/Session/Store/File.pm
line 106
> On Fri, 2003-02-28 at 08:47, Martin Moss wrote:
> > Is Apache::Session::DB_type Faster than Apache::Session::File?
>
> It depends on your disk, OS, and filesystem. It stores all the files in
> one directory, which is quite slow on some systems and not a problem on
> others.
>
> > I already use a lot of DB connections and I used Apache::Session::File to
> > reduce this,
>
> Apache::Session::MySQL (or Oracle, etc.) do not require separate
> database connections. If you already have a connection (which you would
> if you use Apache::DBI), you just pass it to Apache::Session.
>
> - Perrin
>
>
Re: [error] Insecure dependency in unlink while running with -T
switch at /usr/lib/perl5/site_perl/5.6.0/Apache/Session/Store/File.pm line
106
Posted by Perrin Harkins <pe...@elem.com>.
On Fri, 2003-02-28 at 08:47, Martin Moss wrote:
> Is Apache::Session::DB_type Faster than Apache::Session::File?
It depends on your disk, OS, and filesystem. It stores all the files in
one directory, which is quite slow on some systems and not a problem on
others.
> I already use a lot of DB connections and I used Apache::Session::File to
> reduce this,
Apache::Session::MySQL (or Oracle, etc.) do not require separate
database connections. If you already have a connection (which you would
if you use Apache::DBI), you just pass it to Apache::Session.
- Perrin
Re: [error] Insecure dependency in unlink while running with -T switch at /usr/lib/perl5/site_perl/5.6.0/Apache/Session/Store/File.pm line 106
Posted by Martin Moss <Ma...@btinternet.com>.
Is Apache::Session::DB_type Faster than Apache::Session::File?
I already use a lot of DB connections and I used Apache::Session::File to
reduce this,
Marty
----- Original Message -----
From: "Cees Hek" <ce...@sitesuite.com.au>
To: "Martin Moss" <ma...@btinternet.com>
Cc: <mo...@perl.apache.org>
Sent: Friday, February 28, 2003 5:39 AM
Subject: Re: [error] Insecure dependency in unlink while running with -T
switch at /usr/lib/perl5/site_perl/5.6.0/Apache/Session/Store/File.pm line
106
> Quoting Martin Moss <Ma...@btinternet.com>:
>
> > All,
> > Can Anybody see what I'm doing wrong here?
> >
> > I have the following error :-
> > [error] Insecure dependency in unlink while running with -T switch at
> > /usr/lib/perl5/site_perl/5.6.0/Apache/Session/Store/File.pm line 106.
>
> The problem is not with your code, it is that Apache::Session::File does
> not work in Taint mode. Apache::Session::Store::File gets the session ID from a
> file (which means session_id is tainted), and then uses the tainted session_id
> to delete a file (hence the unlink error).
>
> A quick fix for this is for you to untaint the session ID yourself after
> the session has been unserialized. Put the following two lines right after you
> tie the session:
>
> $session{_session_id} =~ /^([a-zA-Z0-9]+)$/;
> $session{_session_id} = $1;
>
> This probably should be fixed in Apache::Session itself as I am sure other
> people will run into it.
>
> By the way, you really shouldn't be using Apache::Session::File anyway for
> performance reasons. At least use Apache::Session::DB_File which most likely
> doesn't suffer from this taint problem and will be much quicker.
>
> Cees
>
>
>
> >
> > When I run the following subroutine:-
> >
> > sub delete_session
> > {
> > my $self=shift;
> > my $session_id=shift;
> >
> > if ($session_id =~ /^(\w\w*)$/)
> > {
> > $session_id = $1; # $data now untainted
> > }
> > else
> > {
> > die "Bad Tainted data in $session_id"; # log this somewhere
> > }
> >
> > die $self->{lh}->maketext("No Session_id given") unless ($session_id);
> >
> > my $t=time;
> > my %session;
> >
> > my $Directory = My::Conf::APACHE_SESSIONS_TMPDIR;
> > my $LockDirectory = My::Conf::APACHE_SESSIONS_LOCKDIR;
> >
> > $Directory="XX_GRRRRR_XX$Directory"."XX_GRRRRR_XX"; #e.g. '/path/to/dir/'
> > $LockDirectory="XX_GRRRRR_XX$LockDirectory"."XX_GRRRRR_XX"; #e.g. '/path/to/dir/'
> >
> > if ($Directory =~ /^XX_GRRRRR_XX(.*)XX_GRRRRR_XX$/)
> > {
> > $Directory = $1; # $data now untainted
> > }
> > else
> > {
> > die "Bad Tainted data in $Directory"; # log this somewhere
> > }
> >
> > if ($LockDirectory =~ /^XX_GRRRRR_XX(.*)XX_GRRRRR_XX$/)
> > {
> > $LockDirectory = $1; # $data now untainted
> > }
> > else
> > {
> > die "Bad Tainted data in $LockDirectory"; # log this somewhere
> > }
> >
> > #Load an existing session
> > eval
> > {
> > tie %session, 'Apache::Session::File',$session_id,
> > {
> > Directory => Bficient::Conf::APACHE_SESSIONS_TMPDIR,
> > LockDirectory => Bficient::Conf::APACHE_SESSIONS_LOCKDIR,
> > };
> > };
> > if ($@)
> > {
> > die $self->{lh}->maketext("Couldn't Load Apache::Session - \"[_1]\"
> > For '\"[_2]\"'",$@,$self->UserName);
> > }
> >
> > print STDERR "Just about to unlink\n";
> > tied(%session)->delete;
> > return 1;
> > }
> >
> >
>
>
>
Re: [error] Insecure dependency in unlink while running with -T switch
at /usr/lib/perl5/site_perl/5.6.0/Apache/Session/Store/File.pm line 106
Posted by Stas Bekman <st...@stason.org>.
> Quoting Martin Moss <Ma...@btinternet.com>:
just a minor comment regarding untainting techniques.
If you do /(.*)/ to launder tainted vars as you did in:
>> if ($Directory =~ /^XX_GRRRRR_XX(.*)XX_GRRRRR_XX$/)
you can as well turn the taint mode off. For more info see:
http://www.gunther.web66.com/FAQS/taintmode.html#clear_taint
__________________________________________________________________
Stas Bekman JAm_pH ------> Just Another mod_perl Hacker
http://stason.org/ mod_perl Guide ---> http://perl.apache.org
mailto:stas@stason.org http://use.perl.org http://apacheweek.com
http://modperlbook.org http://apache.org http://ticketmaster.com
Re: [error] Insecure dependency in unlink while running with -T switch at /usr/lib/perl5/site_perl/5.6.0/Apache/Session/Store/File.pm line 106
Posted by Cees Hek <ce...@sitesuite.com.au>.
Quoting Martin Moss <Ma...@btinternet.com>:
> All,
> Can Anybody see what I'm doing wrong here?
>
> I have the following error :-
> [error] Insecure dependency in unlink while running with -T switch at
> /usr/lib/perl5/site_perl/5.6.0/Apache/Session/Store/File.pm line 106.
The problem is not with your code, it is that Apache::Session::File does
not work in Taint mode. Apache::Session::Store::File gets the session ID from a
file (which means session_id is tainted), and then uses the tainted session_id
to delete a file (hence the unlink error).
A quick fix for this is for you to untaint the session ID yourself after
the session has been unserialized. Put the following two lines right after you
tie the session:
$session{_session_id} =~ /^([a-zA-Z0-9]+)$/;
$session{_session_id} = $1;
This probably should be fixed in Apache::Session itself as I am sure other
people will run into it.
By the way, you really shouldn't be using Apache::Session::File anyway for
performance reasons. At least use Apache::Session::DB_File which most likely
doesn't suffer from this taint problem and will be much quicker.
Cees
>
> When I run the following subroutine:-
>
> sub delete_session
> {
> my $self=shift;
> my $session_id=shift;
>
> if ($session_id =~ /^(\w\w*)$/)
> {
> $session_id = $1; # $data now untainted
> }
> else
> {
> die "Bad Tainted data in $session_id"; # log this somewhere
> }
>
> die $self->{lh}->maketext("No Session_id given") unless ($session_id);
>
> my $t=time;
> my %session;
>
> my $Directory = My::Conf::APACHE_SESSIONS_TMPDIR;
> my $LockDirectory = My::Conf::APACHE_SESSIONS_LOCKDIR;
>
> $Directory="XX_GRRRRR_XX$Directory"."XX_GRRRRR_XX"; #e.g. '/path/to/dir/'
> $LockDirectory="XX_GRRRRR_XX$LockDirectory"."XX_GRRRRR_XX"; #e.g. '/path/to/dir/'
>
> if ($Directory =~ /^XX_GRRRRR_XX(.*)XX_GRRRRR_XX$/)
> {
> $Directory = $1; # $data now untainted
> }
> else
> {
> die "Bad Tainted data in $Directory"; # log this somewhere
> }
>
> if ($LockDirectory =~ /^XX_GRRRRR_XX(.*)XX_GRRRRR_XX$/)
> {
> $LockDirectory = $1; # $data now untainted
> }
> else
> {
> die "Bad Tainted data in $LockDirectory"; # log this somewhere
> }
>
> #Load an existing session
> eval
> {
> tie %session, 'Apache::Session::File',$session_id,
> {
> Directory => Bficient::Conf::APACHE_SESSIONS_TMPDIR,
> LockDirectory => Bficient::Conf::APACHE_SESSIONS_LOCKDIR,
> };
> };
> if ($@)
> {
> die $self->{lh}->maketext("Couldn't Load Apache::Session - \"[_1]\"
> For '\"[_2]\"'",$@,$self->UserName);
> }
>
> print STDERR "Just about to unlink\n";
> tied(%session)->delete;
> return 1;
> }
>
>
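The two untainting styles discussed in this thread (the `(.*)` laundering Stas Bekman comments on, and the character-class match in the quick fix above), side by side as an added example; it is not code from any poster or from Apache::Session. The sub names, sample IDs and directory name are constructed for illustration, and the script has to be run with `perl -T`.

```perl
use strict;
use warnings;
use Scalar::Util qw(tainted);

# Zero-length tainted string. Appending it taints a constructed sample the
# same way a session ID read back from a session file is tainted.
my $TAINT = substr($0 . $^X, 0, 0);
die "run this with: perl -T <file>\n" unless ${^TAINT} && tainted($TAINT);

# Wildcard laundering as in the quoted code: (.*) matches anything, so the
# value comes back marked clean without having been checked at all.
sub launder_wildcard {
    my ($value) = @_;
    $value =~ /^(.*)$/s or return;
    return $1;
}

# Allow-list untaint. The match result is tested before $1 is used, because
# a failed match leaves $1 holding the capture of an earlier successful one.
sub untaint_session_id {
    my ($value) = @_;
    $value =~ /\A([a-zA-Z0-9]+)\z/ or return;
    return $1;
}

# Returns the error Perl raises for unlink($path), or '' if the taint check
# lets the call through. Only called with paths under a directory that does
# not exist, so nothing is ever removed.
sub unlink_taint_error {
    my ($path) = @_;
    return eval { unlink $path; 1 } ? '' : $@;
}

my $dir = '/nonexistent-session-dir';                       # constructed
for my $sample ('3f2a9c0de1b74a55', '../../etc/passwd') {   # constructed
    my $id      = $sample . $TAINT;                         # tainted, like file input
    my $washed  = launder_wildcard($id);
    my $checked = untaint_session_id($id);
    printf "%-17s raw tainted: %s, after (.*) tainted: %s, allow-list: %s\n",
        $sample, (tainted($id) ? 'yes' : 'no'), (tainted($washed) ? 'yes' : 'no'),
        (defined $checked ? 'accepted' : 'rejected');
    print '  unlink with raw value: ', unlink_taint_error("$dir/$id");
    print "  unlink with checked value passes the taint check\n"
        if defined $checked && unlink_taint_error("$dir/$checked") eq '';
}
```

Both samples come back untainted from `(.*)`, while the character-class match accepts only the first; unlink on the raw tainted value dies with the same "Insecure dependency in unlink" error reported in the thread.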
[error] Insecure dependency in unlink while running with -T switch at /usr/lib/perl5/site_perl/5.6.0/Apache/Session/Store/File.pm line 106
Posted by Martin Moss <Ma...@btinternet.com>.
All,
Can Anybody see what I'm doing wrong here?
I have the following error :-
[error] Insecure dependency in unlink while running with -T switch at
/usr/lib/perl5/site_perl/5.6.0/Apache/Session/Store/File.pm line 106.
When I run the following subroutine:-
sub delete_session
{
    my $self=shift;
    my $session_id=shift;

    if ($session_id =~ /^(\w\w*)$/)
    {
        $session_id = $1; # $data now untainted
    }
    else
    {
        die "Bad Tainted data in $session_id"; # log this somewhere
    }

    die $self->{lh}->maketext("No Session_id given") unless ($session_id);

    my $t=time;
    my %session;

    my $Directory = My::Conf::APACHE_SESSIONS_TMPDIR;
    my $LockDirectory = My::Conf::APACHE_SESSIONS_LOCKDIR;

    $Directory="XX_GRRRRR_XX$Directory"."XX_GRRRRR_XX"; #e.g. '/path/to/dir/'
    $LockDirectory="XX_GRRRRR_XX$LockDirectory"."XX_GRRRRR_XX"; #e.g. '/path/to/dir/'

    if ($Directory =~ /^XX_GRRRRR_XX(.*)XX_GRRRRR_XX$/)
    {
        $Directory = $1; # $data now untainted
    }
    else
    {
        die "Bad Tainted data in $Directory"; # log this somewhere
    }

    if ($LockDirectory =~ /^XX_GRRRRR_XX(.*)XX_GRRRRR_XX$/)
    {
        $LockDirectory = $1; # $data now untainted
    }
    else
    {
        die "Bad Tainted data in $LockDirectory"; # log this somewhere
    }

    #Load an existing session
    eval
    {
        tie %session, 'Apache::Session::File',$session_id,
        {
            Directory => Bficient::Conf::APACHE_SESSIONS_TMPDIR,
            LockDirectory => Bficient::Conf::APACHE_SESSIONS_LOCKDIR,
        };
    };
    if ($@)
    {
        die $self->{lh}->maketext("Couldn't Load Apache::Session - \"[_1]\"
For '\"[_2]\"'",$@,$self->UserName);
    }

    print STDERR "Just about to unlink\n";
    tied(%session)->delete;
    return 1;
}
Re: mp2: works with NetBSD? was Re: mp2: anyone got mp2 and apache
2.0.44 working on any version of OpenBSD?
Posted by Stas Bekman <st...@stason.org>.
Carl Brewer wrote:
>
>
> Stas Bekman wrote:
>
>> Carl Brewer wrote:
>>
>>>
>>> As no-one seems interested in this after a few weeks,
>>
>>
>>
>> It's not about not being interested, but lacking the access to the
>> system and/or lacking the expertise on these platforms. We really need
>> to have at least one person taking care of problems on each of the
>> less-mainstream platforms.
>
>
> Understood, I can make a box available to you if it helps?
Unfortunately, the "and/or lacking the expertise on these platforms" part is
valid for me.
I've responded in hope that somebody else who has the expertise or is
interested in getting one, will followup.
__________________________________________________________________
Stas Bekman JAm_pH ------> Just Another mod_perl Hacker
http://stason.org/ mod_perl Guide ---> http://perl.apache.org
mailto:stas@stason.org http://use.perl.org http://apacheweek.com
http://modperlbook.org http://apache.org http://ticketmaster.com
Re: mp2: works with NetBSD? was Re: mp2: anyone got mp2 and apache
2.0.44 working on any version of OpenBSD?
Posted by Carl Brewer <ca...@bl.echidna.id.au>.
Stas Bekman wrote:
> Carl Brewer wrote:
>
>>
>> As no-one seems interested in this after a few weeks,
>
>
> It's not about not being interested, but lacking the access to the
> system and/or lacking the expertise on these platforms. We really need
> to have at least one person taking care of problems on each of the
> less-mainstream platforms.
Understood, I can make a box available to you if it helps?
Carl
Re: mp2: works with NetBSD? was Re: mp2: anyone got mp2 and apache
2.0.44 working on any version of OpenBSD?
Posted by Stas Bekman <st...@stason.org>.
Carl Brewer wrote:
>
> As no-one seems interested in this after a few weeks,
It's not about not being interested, but lacking the access to the system
and/or lacking the expertise on these platforms. We really need to have at
least one person taking care of problems on each of the less-mainstream platforms.
> I'm considering NetBSD ... anyone got mod_perl2 and apache2
> running nicely on NetBSD 1.6? That's my next-choice
> O/S for my application, but I don't have a testbed yet to
> play with.
>
> Carl
>
>
>
>
> Carl Brewer wrote:
>
>>
>> Scanning both dev.modperl and here, I've found a couple of
>> mails concerning OpenBSD and mod_perl 2 (1.99_08) with Apache 2.0.44,
>> I've tried a few quick hacks and have been unable to get it working
>> either, with the same error as seen on :
>>
>> http://mathforum.org/epigone/modperl/sponggrunlim/3E4047B1.9060001@stason.org
>>
>>
>> I'm using perl 5.8.0 on OpenBSD 2.9, but the same error crops
>> up. Has anyone been able to get it to run? (it seems to work
>> well on SunOS 5.8 with the same apache & perl versions)
>>
>> Carl
>>
>>
--
__________________________________________________________________
Stas Bekman JAm_pH ------> Just Another mod_perl Hacker
http://stason.org/ mod_perl Guide ---> http://perl.apache.org
mailto:stas@stason.org http://use.perl.org http://apacheweek.com
http://modperlbook.org http://apache.org http://ticketmaster.com