Return-Path: | <jesse [...] bestpractical.com> |
Delivered-To: | cpan-bug+locale-maketext [...] pallas.eruditorum.org |
Received: | from [10.0.1.8] (209-6-159-27.c3-0.smr-ubr3.sbo-smr.ma.cable.rcn.com [209.6.159.27]) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) by pallas.eruditorum.org (Postfix) with ESMTP id 3E41111139; Mon, 1 Mar 2004 17:18:00 -0500 (EST) |
MIME-Version: | 1.0 (Apple Message framework v612) |
Content-Type: | multipart/signed; protocol="application/pgp-signature"; micalg=pgp-sha1; boundary="Apple-Mail-15--1059451453" |
Message-Id: | <4C929E00-6BCE-11D8-8564-000A95AA631E [...] bestpractical.com> |
Content-Transfer-Encoding: | 7bit |
From: | Jesse Vincent <jesse [...] bestpractical.com> |
Subject: | setgid taint error |
Date: | Mon, 1 Mar 2004 17:17:59 -0500 |
To: | bug-locale-maketext [...] rt.cpan.org |
X-PGP-Agent: | GPGMail 1.0.1 (v33, 10.3) |
X-Mailer: | Apple Mail (2.612) |
Content-Length: | 0 |
Content-Transfer-Encoding: | 7bit |
Content-Type: | text/plain; charset=US-ASCII; delsp=yes; format=flowed |
X-RT-Original-Encoding: | us-ascii |
Content-Length: | 2554 |
Begin forwarded message:
Show quoted text
> From: Alex Soares de Moura <alex@rnp.br>
> Date: March 1, 2004 10:33:18 AM EST
> To: rt-users@lists.fsck.com
> Cc: Subject: [rt-users] [Fwd: RT]
>
> Hello,
>
> Suddenly, this morning the RT of our production server started showing
> the error below accessing the RT web interface:
>
> -----------------------------------------------------------------------
> ---------------------
> error: Insecure dependency in eval while running setgid at
> /usr/local/lib/perl5/site_perl/5.8.2/Locale/Maketext/Guts.pm line 247.
> context: ... 243: unshift @code, "use strict; sub {\n";
> 244: push @code, "}\n";
> 245: 246: print @code if DEBUG;
> 247: my $sub = eval(join '', @code);
> 248: die "$@ while evalling" . join('', @code) if $@; # Should be
> impossible.
> 249: return $sub;
> 250: }
> 251: ... code stack:
> /usr/local/lib/perl5/site_perl/5.8.2/Locale/Maketext/Guts.pm:247
> /usr/local/lib/perl5/site_perl/5.8.2/Locale/Maketext.pm:196
> /opt/rt3/lib/RT/CurrentUser.pm:360
> /opt/rt3/lib/RT/Interface/Web.pm:215
> /opt/rt3/share/html/Elements/Login:44
> /opt/rt3/share/html/autohandler:195
> raw error
> <http://200.17.63.80/rt/
> #raw>------------------------------------------------------------------
> --------------------------
> Environment:
> FreeBSD 4.9-STABLE, rt-3.0.8, rtir-1-0-2, mysql-server-4.0.17,
> p5-DBIx-SearchBuilder-0.96, p5-FastCGI-0.67.
> -----------------------------------------------------------------------
> ---------------------
>
> The only reference I've found in the list archive was this:
> http://marc.free.net.ph/message/20040109.110507.a020d925.html
>
> but the followup isn't a solution for us. To change the fastcgi to
> mod_perl would be a undesirable change in the environment that's been
> working well and stable for a couple of months.
>
> I'm even afraid of restarting the apache and/or the mysql servers
> once some of the users that logged in early in the morning are
> accessing without problems (me included). Only the users that are
> trying to log in since an hour ago are having this error message
> displayed.
> -------
>
> Last min. update: the problem misteriously disappeared while I was
> writing this email. Go figure...
>
> Alex
> _______________________________________________
> rt-users mailing list
> rt-users@lists.bestpractical.com
> http://lists.bestpractical.com/mailman/listinfo/rt-users
>
> Have you read the FAQ? The RT FAQ Manager lives at http://fsck.com/rtfm
>
content-type: | application/pgp-signature; x-mac-type=70674453; name=PGP.sig |
content-description: | This is a digitally signed message part |
content-disposition: | inline; filename=PGP.sig |
content-transfer-encoding: | 7bit |
Content-Length: | 186 |
Message body not shown because it is not plain text.