[rt-users] RT 3.4.4 RedHat - "tained" data in webmux.pl
Jesse Vincent
jesse at bestpractical.com
Fri Jan 13 12:49:20 EST 2006
On Thu, Jan 12, 2006 at 03:53:13PM +0100, Goddard Lee wrote:
> When running RT 3.4.4, clean install, on a Red Hat box, with Apache 2.0 mod_perl:
>
> [Thu Jan 12 16:37:29 2006] [error] Insecure dependency in unlink while running with -T switch at /usr/local/lib/perl5/5.8.7/File/Path.pm line 267.\nCompilation failed in require at (eval 2) line 1.\n
> [Thu Jan 12 16:37:29 2006] [error] Can't load Perl file: /opt/rt3/bin/webmux.pl for server crtd.easa.local:0, exiting...
Lee,
You very much want to turn off "taint" mode in mod_perl. Perl's
taint mode is incredibly brittle and inflexible and doesn't really do
much to protect you. It's well documented to bite you (and RT) in all
sorts of circumstances.
Best,
Jesse
More information about the rt-users
mailing list