[Rt-devel] Further Info: taint checks when running GID
Brent B. Powers
bbp2006 at pathology.columbia.edu
Thu Aug 12 14:20:23 EDT 2004
Still (obviously) working, replaced code with Sean's recommended:
my $sub = eval { eval(join '', @code) || die $@ };
die "$@ while evalling " . join('', @code) if $@; # Should be impossible.
return $sub;
Things are back to working with that, save for creating a new ticket, where
I get (Full Dump):
System error
error: Insecure dependency in eval while running with -T switch at
/usr/local/lib/perl5/site_perl/5.8.4/Locale/Maketext/Guts.pm line 259.
Stack:
[/usr/local/lib/perl5/site_perl/5.8.4/Locale/Maketext/Guts.pm:259]
[/usr/local/lib/perl5/site_perl/5.8.4/Locale/Maketext.pm:196]
[/usr/local/rt3/lib/RT/CurrentUser.pm:365]
[/usr/local/rt3/lib/RT/Base.pm:97]
[/usr/local/rt3/lib/RT/Ticket_Overlay.pm:1485]
[/usr/local/rt3/lib/RT/Ticket_Overlay.pm:581]
[/usr/local/rt3/lib/RT/Interface/Web.pm:346]
[/usr/local/rt3/share/html/Ticket/Display.html:72]
[/usr/local/rt3/share/html/Ticket/Create.html:255]
[/usr/local/rt3/share/html/autohandler:196]
while evallinguse strict; sub {
join '',
'Added principal as a ',
($_[1], ),
' for this ticket',
}
context:
...
256: }
257: return $sub;
258: } else {
259: my $sub = eval { eval(join '', @code) || die $@ };
260: die "$@ while evalling" . join('', @code) if $@; # Should be
impossible.
261: return $sub;
262: }
263: }
264:
...
code stack:
/usr/local/lib/perl5/site_perl/5.8.4/Locale/Maketext/Guts.pm:260
/usr/local/lib/perl5/site_perl/5.8.4/Locale/Maketext.pm:196
/usr/local/rt3/lib/RT/CurrentUser.pm:365
/usr/local/rt3/lib/RT/Base.pm:97
/usr/local/rt3/lib/RT/Ticket_Overlay.pm:1485
/usr/local/rt3/lib/RT/Ticket_Overlay.pm:581
/usr/local/rt3/lib/RT/Interface/Web.pm:346
/usr/local/rt3/share/html/Ticket/Display.html:72
/usr/local/rt3/share/html/Ticket/Create.html:255
/usr/local/rt3/share/html/autohandler:196
raw error
Insecure dependency in eval while running with -T switch at
/usr/local/lib/perl5/site_perl/5.8.4/Locale/Maketext/Guts.pm line 259.
Stack:
[/usr/local/lib/perl5/site_perl/5.8.4/Locale/Maketext/Guts.pm:259]
[/usr/local/lib/perl5/site_perl/5.8.4/Locale/Maketext.pm:196]
[/usr/local/rt3/lib/RT/CurrentUser.pm:365]
[/usr/local/rt3/lib/RT/Base.pm:97]
[/usr/local/rt3/lib/RT/Ticket_Overlay.pm:1485]
[/usr/local/rt3/lib/RT/Ticket_Overlay.pm:581]
[/usr/local/rt3/lib/RT/Interface/Web.pm:346]
[/usr/local/rt3/share/html/Ticket/Display.html:72]
[/usr/local/rt3/share/html/Ticket/Create.html:255]
[/usr/local/rt3/share/html/autohandler:196]
while evallinguse strict; sub {
join '',
'Added principal as a ',
($_[1], ),
' for this ticket',
}
Trace begun at
/usr/local/lib/perl5/site_perl/5.8.4/HTML/Mason/Exceptions.pm line 131
HTML::Mason::Exceptions::rethrow_exception('Insecure dependency in eval
while running with -T switch at
/usr/local/lib/perl5/site_perl/5.8.4/Locale/Maketext/Guts.pm line 259.
Stack:
[/usr/local/lib/perl5/site_perl/5.8.4/Locale/Maketext/Guts.pm:259]
[/usr/local/lib/perl5/site_perl/5.8.4/Locale/Maketext.pm:196]
[/usr/local/rt3/lib/RT/CurrentUser.pm:365]
[/usr/local/rt3/lib/RT/Base.pm:97]
[/usr/local/rt3/lib/RT/Ticket_Overlay.pm:1485]
[/usr/local/rt3/lib/RT/Ticket_Overlay.pm:581]
[/usr/local/rt3/lib/RT/Interface/Web.pm:346]
[/usr/local/rt3/share/html/Ticket/Display.html:72]
[/usr/local/rt3/share/html/Ticket/Create.html:255]
[/usr/local/rt3/share/html/autohandler:196]
while evallinguse strict; sub {
join \'\',
\'Added principal as a \',
($_[1], ),
\' for this ticket\',
}
') called at /usr/local/lib/perl5/site_perl/5.8.4/Locale/Maketext/Guts.pm
line 260
Locale::Maketext::_compile('RT::I18N::en=HASH(0x925c6f8)', 'Added principal
as a [_1] for this ticket') called at
/usr/local/lib/perl5/site_perl/5.8.4/Locale/Maketext.pm line 196
Locale::Maketext::maketext(undef, undef, 'Requestor') called at
/usr/local/rt3/lib/RT/CurrentUser.pm line 365
RT::CurrentUser::loc('RT::CurrentUser=HASH(0x9517458)', 'Added principal as
a [_1] for this ticket', 'Requestor') called at
/usr/local/rt3/lib/RT/Base.pm line 97
RT::Base::loc('RT::Ticket=HASH(0x945b698)', 'Added principal as a [_1] for
this ticket', 'Requestor') called at
/usr/local/rt3/lib/RT/Ticket_Overlay.pm line 1485
RT::Ticket::_AddWatcher('RT::Ticket=HASH(0x945b698)', 'Type', 'Requestor',
'Email', 'xxxxxx at here.com', 'Silent', 1) called at
/usr/local/rt3/lib/RT/Ticket_Overlay.pm line 581
RT::Ticket::Create('RT::Ticket=HASH(0x945b698)', 'TimeEstimated', undef,
'Status', 'new', 'Queue', 'Purchasing', 'AdminCc', 'ARRAY(0x8b5bd3c)',
'CustomField-2', 'Order Finalized', 'MIMEObj',
'MIME::Entity=HASH(0x94fdc10)', 'InitialPriority', 0, 'Starts', '1970-01-01
00:00:00', 'TimeWorked', '', 'CustomField-4', '', 'Requestor',
'ARRAY(0x8b5bc94)', 'Cc', 'ARRAY(0x8b5bce8)', 'Subject', 'Terminal Server',
'CustomField-5', '', 'FinalPriority', 0, 'TimeLeft', '', 'Owner', 320,
'CustomField-6', '', 'Due', '1970-01-01 00:00:00') called at
/usr/local/rt3/lib/RT/Interface/Web.pm line 346
HTML::Mason::Commands::CreateTicket('Attachments', undef,
'CustomField-2-Values', 'Order Finalized', 'Status', 'new',
'new-DependsOn', '', 'Queue', 'Purchasing', 'AdminCc', '', 'Requestors',
'xxxxxx at here.com', 'InitialPriority', 0, 'Starts', '', 'Attach', '',
'CustomField-4-Value', '', 'TimeWorked', '', 'id', 'new', 'Cc', '',
'Subject', 'Terminal Server', 'FinalPriority', 0, 'new-RefersTo', '',
'TimeLeft', '', 'RefersTo-new', '', 'CustomField-5-Value', '',
'CustomField-6-Value', '', 'Owner', 320, 'DependsOn-new', '',
'CustomField-2-Values-Magic', 1, 'new-MemberOf', '', 'MemberOf-new', '',
'Content', 'Tammy: Please expedite
eQuote: X001231234
Description: Terminal Server
Amount: 3214.71
Account: 123456
', 'Due', '') called at /usr/local/rt3/share/html/Ticket/Display.html line
72
HTML::Mason::Commands::__ANON__('CustomField-2-Values', 'Order Finalized',
'Status', 'new', 'new-DependsOn', '', 'Queue', 'Purchasing', 'AdminCc', '',
'Requestors', 'xxxxxx at here.com', 'InitialPriority', 0, 'Starts', '',
'Attach', '', 'TimeWorked', '', 'CustomField-4-Value', '', 'id', 'new',
'Cc', '', 'Subject', 'Terminal Server', 'new-RefersTo', '',
'FinalPriority', 0, 'RefersTo-new', '', 'TimeLeft', '',
'CustomField-5-Value', '', 'DependsOn-new', '', 'Owner', 320,
'CustomField-6-Value', '', 'new-MemberOf', '',
'CustomField-2-Values-Magic', 1, 'MemberOf-new', '', 'Content', 'Tammy:
Please expedite
eQuote: X001231234
Description: Terminal Server
Amount: 3214.71
Account: 123456
', 'Due', '') called at
/usr/local/lib/perl5/site_perl/5.8.4/HTML/Mason/Component.pm line 134
HTML::Mason::Component::run('HTML::Mason::Component::FileBased=HASH(0x91aa2
48)', 'CustomField-2-Values', 'Order Finalized', 'Status', 'new',
'new-DependsOn', '', 'Queue', 'Purchasing', 'AdminCc', '', 'Requestors',
'xxxxxx at here.com', 'InitialPriority', 0, 'Starts', '', 'Attach', '',
'TimeWorked', '', 'CustomField-4-Value', '', 'id', 'new', 'Cc', '',
'Subject', 'Terminal Server', 'new-RefersTo', '', 'FinalPriority', 0,
'RefersTo-new', '', 'TimeLeft', '', 'CustomField-5-Value', '',
'DependsOn-new', '', 'Owner', 320, 'CustomField-6-Value', '',
'new-MemberOf', '', 'CustomField-2-Values-Magic', 1, 'MemberOf-new', '',
'Content', 'Tammy: Please expedite
eQuote: X001231234
Description: Terminal Server
Amount: 3214.71
Account: 123456
', 'Due', '') called at
/usr/local/lib/perl5/site_perl/5.8.4/HTML/Mason/Request.pm line 1074
eval {...} at /usr/local/lib/perl5/site_perl/5.8.4/HTML/Mason/Request.pm
line 1068
HTML::Mason::Request::comp(undef, undef, 'CustomField-2-Values', 'Order
Finalized', 'Status', 'new', 'new-DependsOn', '', 'Queue', 'Purchasing',
'AdminCc', '', 'Requestors', 'xxxxxx at here.com', 'InitialPriority', 0,
'Starts', '', 'Attach', '', 'TimeWorked', '', 'CustomField-4-Value', '',
'id', 'new', 'Cc', '', 'Subject', 'Terminal Server', 'new-RefersTo', '',
'FinalPriority', 0, 'RefersTo-new', '', 'TimeLeft', '',
'CustomField-5-Value', '', 'DependsOn-new', '', 'Owner', 320,
'CustomField-6-Value', '', 'new-MemberOf', '',
'CustomField-2-Values-Magic', 1, 'MemberOf-new', '', 'Content', 'Tammy:
Please expedite
eQuote: X001231234
Description: Terminal Server
Amount: 3214.71
Account: 123456
', 'Due', '') called at /usr/local/rt3/share/html/Ticket/Create.html line
255
HTML::Mason::Commands::__ANON__('CustomField-2-Values', 'Order Finalized',
'Status', 'new', 'new-DependsOn', '', 'Queue', 'Purchasing', 'AdminCc', '',
'Requestors', 'xxxxxx at here.com', 'InitialPriority', 0, 'Starts', '',
'Attach', '', 'CustomField-4-Value', '', 'TimeWorked', '', 'id', 'new',
'Cc', '', 'Subject', 'Terminal Server', 'new-RefersTo', '',
'FinalPriority', 0, 'TimeLeft', '', 'RefersTo-new', '',
'CustomField-5-Value', '', 'CustomField-6-Value', '', 'Owner', 320,
'DependsOn-new', '', 'CustomField-2-Values-Magic', 1, 'new-MemberOf', '',
'MemberOf-new', '', 'Content', 'Tammy: Please expedite
eQuote: X001231234
Description: Terminal Server
Amount: 3214.71
Account: 123456
', 'Due', '', 'CustomField-2-Values', 'Order Finalized', 'Status', 'new',
'new-DependsOn', '', 'Queue', 'Purchasing', 'AdminCc', '', 'Requestors',
'xxxxxx at here.com', 'InitialPriority', 0, 'Starts', '', 'Attach', '',
'CustomField-4-Value', '', 'TimeWorked', '', 'id', 'new', 'Cc', '',
'Subject', 'Terminal Server', 'FinalPriority', 0, 'new-RefersTo', '',
'TimeLeft', '', 'RefersTo-new', '', 'CustomField-5-Value', '',
'CustomField-6-Value', '', 'Owner', 320, 'DependsOn-new', '',
'CustomField-2-Values-Magic', 1, 'new-MemberOf', '', 'MemberOf-new', '',
'Content', 'Tammy: Please expedite
eQuote: X001231234
Description: Terminal Server
Amount: 3214.71
Account: 123456
', 'Due', '') called at
/usr/local/lib/perl5/site_perl/5.8.4/HTML/Mason/Component.pm line 134
HTML::Mason::Component::run('HTML::Mason::Component::FileBased=HASH(0x943a4
f4)', 'CustomField-2-Values', 'Order Finalized', 'Status', 'new',
'new-DependsOn', '', 'Queue', 'Purchasing', 'AdminCc', '', 'Requestors',
'xxxxxx at here.com', 'InitialPriority', 0, 'Starts', '', 'Attach', '',
'CustomField-4-Value', '', 'TimeWorked', '', 'id', 'new', 'Cc', '',
'Subject', 'Terminal Server', 'new-RefersTo', '', 'FinalPriority', 0,
'TimeLeft', '', 'RefersTo-new', '', 'CustomField-5-Value', '',
'CustomField-6-Value', '', 'Owner', 320, 'DependsOn-new', '',
'CustomField-2-Values-Magic', 1, 'new-MemberOf', '', 'MemberOf-new', '',
'Content', 'Tammy: Please expedite
eQuote: X001231234
Description: Terminal Server
Amount: 3214.71
Account: 123456
', 'Due', '', 'CustomField-2-Values', 'Order Finalized', 'Status', 'new',
'new-DependsOn', '', 'Queue', 'Purchasing', 'AdminCc', '', 'Requestors',
'xxxxxx at here.com', 'InitialPriority', 0, 'Starts', '', 'Attach', '',
'CustomField-4-Value', '', 'TimeWorked', '', 'id', 'new', 'Cc', '',
'Subject', 'Terminal Server', 'FinalPriority', 0, 'new-RefersTo', '',
'TimeLeft', '', 'RefersTo-new', '', 'CustomField-5-Value', '',
'CustomField-6-Value', '', 'Owner', 320, 'DependsOn-new', '',
'CustomField-2-Values-Magic', 1, 'new-MemberOf', '', 'MemberOf-new', '',
'Content', 'Tammy: Please expedite
eQuote: X001231234
Description: Terminal Server
Amount: 3214.71
Account: 123456
', 'Due', '') called at
/usr/local/lib/perl5/site_perl/5.8.4/HTML/Mason/Request.pm line 1074
eval {...} at /usr/local/lib/perl5/site_perl/5.8.4/HTML/Mason/Request.pm
line 1068
HTML::Mason::Request::comp(undef, undef, 'CustomField-2-Values', 'Order
Finalized', 'Status', 'new', 'new-DependsOn', '', 'Queue', 'Purchasing',
'AdminCc', '', 'Requestors', 'xxxxxx at here.com', 'InitialPriority', 0,
'Starts', '', 'Attach', '', 'CustomField-4-Value', '', 'TimeWorked', '',
'id', 'new', 'Cc', '', 'Subject', 'Terminal Server', 'new-RefersTo', '',
'FinalPriority', 0, 'TimeLeft', '', 'RefersTo-new', '',
'CustomField-5-Value', '', 'CustomField-6-Value', '', 'Owner', 320,
'DependsOn-new', '', 'CustomField-2-Values-Magic', 1, 'new-MemberOf', '',
'MemberOf-new', '', 'Content', 'Tammy: Please expedite
eQuote: X001231234
Description: Terminal Server
Amount: 3214.71
Account: 123456
', 'Due', '', 'CustomField-2-Values', 'Order Finalized', 'Status', 'new',
'new-DependsOn', '', 'Queue', 'Purchasing', 'AdminCc', '', 'Requestors',
'xxxxxx at here.com', 'InitialPriority', 0, 'Starts', '', 'Attach', '',
'CustomField-4-Value', '', 'TimeWorked', '', 'id', 'new', 'Cc', '',
'Subject', 'Terminal Server', 'FinalPriority', 0, 'new-RefersTo', '',
'TimeLeft', '', 'RefersTo-new', '', 'CustomField-5-Value', '',
'CustomField-6-Value', '', 'Owner', 320, 'DependsOn-new', '',
'CustomField-2-Values-Magic', 1, 'new-MemberOf', '', 'MemberOf-new', '',
'Content', 'Tammy: Please expedite
eQuote: X001231234
Description: Terminal Server
Amount: 3214.71
Account: 123456
', 'Due', '') called at
/usr/local/lib/perl5/site_perl/5.8.4/HTML/Mason/Request.pm line 760
HTML::Mason::Request::call_next('HTML::Mason::Request::CGI=HASH(0x9428f40)'
, 'CustomField-2-Values', 'Order Finalized', 'Status', 'new',
'new-DependsOn', '', 'Queue', 'Purchasing', 'AdminCc', '', 'Requestors',
'xxxxxx at here.com', 'InitialPriority', 0, 'Starts', '', 'Attach', '',
'CustomField-4-Value', '', 'TimeWorked', '', 'id', 'new', 'Cc', '',
'Subject', 'Terminal Server', 'FinalPriority', 0, 'new-RefersTo', '',
'TimeLeft', '', 'RefersTo-new', '', 'CustomField-5-Value', '',
'CustomField-6-Value', '', 'Owner', 320, 'DependsOn-new', '',
'CustomField-2-Values-Magic', 1, 'new-MemberOf', '', 'MemberOf-new', '',
'Content', 'Tammy: Please expedite
eQuote: X001231234
Description: Terminal Server
Amount: 3214.71
Account: 123456
', 'Due', '') called at /usr/local/rt3/share/html/autohandler line 196
HTML::Mason::Commands::__ANON__('CustomField-2-Values', 'Order Finalized',
'Status', 'new', 'new-DependsOn', '', 'Queue', 'Purchasing', 'AdminCc', '',
'Requestors', 'xxxxxx at here.com', 'InitialPriority', 0, 'Starts', '',
'Attach', '', 'CustomField-4-Value', '', 'TimeWorked', '', 'id', 'new',
'Cc', '', 'Subject', 'Terminal Server', 'new-RefersTo', '',
'FinalPriority', 0, 'TimeLeft', '', 'RefersTo-new', '',
'CustomField-5-Value', '', 'CustomField-6-Value', '', 'Owner', 320,
'DependsOn-new', '', 'CustomField-2-Values-Magic', 1, 'new-MemberOf', '',
'MemberOf-new', '', 'Content', 'Tammy: Please expedite
eQuote: X001231234
Description: Terminal Server
Amount: 3214.71
Account: 123456
', 'Due', '') called at
/usr/local/lib/perl5/site_perl/5.8.4/HTML/Mason/Component.pm line 134
HTML::Mason::Component::run('HTML::Mason::Component::FileBased=HASH(0x907ca
18)', 'CustomField-2-Values', 'Order Finalized', 'Status', 'new',
'new-DependsOn', '', 'Queue', 'Purchasing', 'AdminCc', '', 'Requestors',
'xxxxxx at here.com', 'InitialPriority', 0, 'Starts', '', 'Attach', '',
'CustomField-4-Value', '', 'TimeWorked', '', 'id', 'new', 'Cc', '',
'Subject', 'Terminal Server', 'new-RefersTo', '', 'FinalPriority', 0,
'TimeLeft', '', 'RefersTo-new', '', 'CustomField-5-Value', '',
'CustomField-6-Value', '', 'Owner', 320, 'DependsOn-new', '',
'CustomField-2-Values-Magic', 1, 'new-MemberOf', '', 'MemberOf-new', '',
'Content', 'Tammy: Please expedite
eQuote: X001231234
Description: Terminal Server
Amount: 3214.71
Account: 123456
', 'Due', '') called at
/usr/local/lib/perl5/site_perl/5.8.4/HTML/Mason/Request.pm line 1072
eval {...} at /usr/local/lib/perl5/site_perl/5.8.4/HTML/Mason/Request.pm
line 1068
HTML::Mason::Request::comp(undef, undef, undef, 'CustomField-2-Values',
'Order Finalized', 'Status', 'new', 'new-DependsOn', '', 'Queue',
'Purchasing', 'AdminCc', '', 'Requestors', 'xxxxxx at here.com',
'InitialPriority', 0, 'Starts', '', 'Attach', '', 'CustomField-4-Value',
'', 'TimeWorked', '', 'id', 'new', 'Cc', '', 'Subject', 'Terminal Server',
'new-RefersTo', '', 'FinalPriority', 0, 'TimeLeft', '', 'RefersTo-new', '',
'CustomField-5-Value', '', 'CustomField-6-Value', '', 'Owner', 320,
'DependsOn-new', '', 'CustomField-2-Values-Magic', 1, 'new-MemberOf', '',
'MemberOf-new', '', 'Content', 'Tammy: Please expedite
eQuote: X001231234
Description: Terminal Server
Amount: 3214.71
Account: 123456
', 'Due', '') called at
/usr/local/lib/perl5/site_perl/5.8.4/HTML/Mason/Request.pm line 338
eval {...} at /usr/local/lib/perl5/site_perl/5.8.4/HTML/Mason/Request.pm
line 338
eval {...} at /usr/local/lib/perl5/site_perl/5.8.4/HTML/Mason/Request.pm
line 297
HTML::Mason::Request::exec('HTML::Mason::Request::CGI=HASH(0x9428f40)')
called at /usr/local/lib/perl5/site_perl/5.8.4/HTML/Mason/CGIHandler.pm
line 197
eval {...} at /usr/local/lib/perl5/site_perl/5.8.4/HTML/Mason/CGIHandler.pm
line 197
HTML::Mason::Request::CGI::exec('HTML::Mason::Request::CGI=HASH(0x9428f40)'
) called at /usr/local/lib/perl5/site_perl/5.8.4/HTML/Mason/Interp.pm line
207
HTML::Mason::Interp::exec(undef, undef, 'CustomField-2-Values', 'Order
Finalized', 'Status', 'new', 'new-DependsOn', '', 'Queue', 'Purchasing',
'AdminCc', '', 'Requestors', 'xxxxxx at here.com', 'InitialPriority', 0,
'Starts', '', 'Attach', '', 'CustomField-4-Value', '', 'TimeWorked', '',
'id', 'new', 'Cc', '', 'Subject', 'Terminal Server', 'new-RefersTo', '',
'FinalPriority', 0, 'TimeLeft', '', 'RefersTo-new', '',
'CustomField-5-Value', '', 'CustomField-6-Value', '', 'Owner', 320,
'DependsOn-new', '', 'CustomField-2-Values-Magic', 1, 'new-MemberOf', '',
'MemberOf-new', '', 'Content', 'Tammy: Please expedite
eQuote: X001231234
Description: Terminal Server
Amount: 3214.71
Account: 123456
', 'Due', '') called at
/usr/local/lib/perl5/site_perl/5.8.4/HTML/Mason/CGIHandler.pm line 127
eval {...} at /usr/local/lib/perl5/site_perl/5.8.4/HTML/Mason/CGIHandler.pm
line 127
HTML::Mason::CGIHandler::_handler('HTML::Mason::CGIHandler=HASH(0x8e9a158)'
, 'HASH(0x9512d3c)') called at
/usr/local/lib/perl5/site_perl/5.8.4/HTML/Mason/CGIHandler.pm line 76
HTML::Mason::CGIHandler::handle_cgi_object('HTML::Mason::CGIHandler=HASH(0x
8e9a158)', 'CGI::Fast=HASH(0x9461188)') called at
/usr/local/rt3/bin/mason_handler.fcgi line 55
eval {...} at /usr/local/rt3/bin/mason_handler.fcgi line 55
--
Brent B. Powers
Manager, Information Technology
Department of Pathology
Columbia University
More information about the Rt-devel
mailing list