[Rt-devel] Insecure Dependency in Config.pm
Jesse Vincent
jesse at bestpractical.com
Mon Oct 6 11:20:22 EDT 2008
On Sun, Oct 05, 2008 at 07:56:53PM -0400, Bill McDowell wrote:
> Hello
>
> So rt 3.8.1 is installed. But, when the apache server is started, the
> following error is generated.
We don't support RT running with perl's 'taint' mode enabled.
>
> [error] Couldn't load RT config file RT_SiteConfig.pm:\n\nInsecure
> dependency in require while running with -T switch at
> /opt/rt3/bin/../lib/RT/Config\
> .pm line 421.\nBEGIN failed--compilation aborted at /opt/rt3/bin/webmux.pl
> line 103.\nCompilation failed in require at (eval 92) line 1.\n
> [Wed Oct 01 16:34:11 2008] [error] Can't load Perl file:
> /opt/rt3/bin/webmux.pl
>
> Here is the code in Config.pm around the error...
>
> package RT;
> local *Set = sub(\[$@%]@) {
> my ( $opt_ref, @args ) = @_;
> my ( $pack, $file, $line ) = caller;
> return $self->SetFromConfig(
> Option => $opt_ref,
> Value => [@args],
> Package => $pack,
> File => $file,
> Line => $line,
> SiteConfig => $is_site,
> Extension => $is_ext,
> );
> };
> my @etc_dirs = ($RT::LocalEtcPath);
> push @etc_dirs, RT->PluginDirs('etc') if $is_ext;
> push @etc_dirs, $RT::EtcPath, @INC;
> local @INC = @etc_dirs;
>
> require $args{'File'};
>
>
> It fails at the require. I was lead to believe that $args{'File'} was
> tainted. But, I tested it with
>
> sub is_tainted {
> return ! eval { eval("#" . substr(join("", @_), 0, 0)); 1};
> }
>
> and found that it was not tainted.
>
> So I'm not sure what the problem is.
>
> Thanks,
>
> Bill
> _______________________________________________
> List info: http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-devel
--
More information about the Rt-devel
mailing list