[rt-users] Insecure dependency running setgid in Guts.pm

Tue Apr 20 15:01:03 EDT 2004

Ok. Another workaround is to use apache's suexec functionality, rather
than setgid perl.  The author of Locale::Maketext hasn't been able to
track this issue yet.

On Tue, Apr 20, 2004 at 02:55:35PM -0400, Parish, Brent wrote:
> Hi.
> 
> I saw this error on the list Thu 4/15/2004, reported on RH9.  I am seeing this on Solaris 9, Perl 5.8.3, RT 3.0.10.
> I have seen this in several places, but this particular one (below) was while modifying a ticket and dropping a requestor from it.
> I upgraded Locale::Maketext to 1.09, but got the error again.  I have a number of users (about 20) hitting the RT servers (there are 3, load balanced with persistent sessions behind a VIP) fairly regularly through the day.  I see this error probably about three times an hour or more.  Anyone have any ideas?  Also, I only saw this error after upgrading to 3.0.10 (from 3.0.9 for performance).
> 
> Thanks!
> Brent
> 
> =========== ERROR =================
> 
> error:  Insecure dependency in eval while running setgid at /usr/local/lib/perl5/5.8.3/Locale/Maketext/Guts.pm line 247.
>  
> context:  ...   
> 243:  unshift @code, "use strict; sub {\n"; 
> 244:  push @code, "}\n"; 
> 245:   
> 246:  print @code if DEBUG; 
> 247:  my $sub = eval(join '', @code); 
> 248:  die "$@ while evalling" . join('', @code) if $@; # Should be impossible. 
> 249:  return $sub; 
> 250:  } 
> 251:   
> ...   
>  
> code stack:  /usr/local/lib/perl5/5.8.3/Locale/Maketext/Guts.pm:247
> /usr/local/lib/perl5/5.8.3/Locale/Maketext.pm:195
> /opt/rt3/lib/RT/CurrentUser.pm:360
> /opt/rt3/lib/RT/Base.pm:97
> /opt/rt3/lib/RT/Ticket_Overlay.pm:1601
> /opt/rt3/lib/RT/Interface/Web.pm:1265
> /opt/rt3/share/html/Ticket/ModifyPeople.html:49
> /opt/rt3/share/html/autohandler:195
> 
> =========== END ERROR =================
>  
> 
> -----Original Message-----
> From: rt-users-bounces at lists.bestpractical.com
> [mailto:rt-users-bounces at lists.bestpractical.com]On Behalf Of Jesse
> Vincent
> Sent: Thursday, April 15, 2004 1:51 PM
> To: thuryn at aplis.cz
> Cc: rt-users at lists.bestpractical.com
> Subject: Re: [Rt-users] RT 3.0.10 on RH 9
> 
> 
> 
> What version of Locale::Maketext are you running with. If you upgrade to
> the latest version, does it go away?
> 
> On Thu, Apr 15, 2004 at 11:39:52AM +0200, Tom Hurn wrote:
> > Hallo,
> >   I get error below after upgrading RT to 3.0.10 and I click on 
> > https://rt.aplis.com/Admin/Global/Template.html?Queue=0&Template=14
> > 
> > 
> > Error:
> > Insecure dependency in eval while running setgid 
> > at /usr/lib/perl5/5.8.0/Locale/Maketext/Guts.pm line 247.
> > 
> > 
> > Trace begun at /usr/lib/perl5/site_perl/5.8.0/HTML/Mason/Exceptions.pm line 
> > 131
> > HTML::Mason::Exceptions::rethrow_exception('Insecure dependency in eval while 
> > running setgid at /usr/lib/perl5/5.8.0/Locale/Maketext/Guts.pm line 247..^J') 
> > called at /usr/lib/perl5/5.8.0/Locale/Maketext/Guts.pm line 247
> > Locale::Maketext::_compile('RT::I18N::cs=HASH(0x958aa80)', 'M-Zprava vzoru 
> > [_1]') called at /usr/lib/perl5/5.8.0/Locale/Maketext.pm line 189
> > -- 
> > Tomáš Hurýn
> > 
> ***********************************************************************
> This message is intended only for the use of the intended recipient and
> may contain information that is PRIVILEGED and/or CONFIDENTIAL.  If you
> are not the intended recipient, you are hereby notified that any use,
> dissemination, disclosure or copying of this communication is strictly
> prohibited.  If you have received this communication in error, please
> destroy all copies of this message and its attachments and notify us
> immediately.
> ***********************************************************************

> _______________________________________________
> http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users
> 
> RT Developer and Administrator training is coming to LA, DC and Frankfurt this spring and summer.
> http://bestpractical.com/services/training.html
> 
> Sign up early, as class space is limited. 

-- 