[Rt-devel] Insecure Dependency in Config.pm

[Bill McDowell]

Hello

So rt 3.8.1 is installed.  But, when the apache server is started, the
following error is generated.

[error] Couldn't load RT config file RT_SiteConfig.pm:\n\nInsecure
dependency in require while running with -T switch at
/opt/rt3/bin/../lib/RT/Config\
.pm line 421.\nBEGIN failed--compilation aborted at /opt/rt3/bin/webmux.pl
line 103.\nCompilation failed in require at (eval 92) line 1.\n
[Wed Oct 01 16:34:11 2008] [error] Can't load Perl file:
/opt/rt3/bin/webmux.pl

Here is the code in Config.pm around the error...

        package RT;
        local *Set = sub(\[$@%]@) {
            my ( $opt_ref, @args ) = @_;
            my ( $pack, $file, $line ) = caller;
            return $self->SetFromConfig(
                Option     => $opt_ref,
                Value      => [@args],
                Package    => $pack,
                File       => $file,
                Line       => $line,
                SiteConfig => $is_site,
                Extension  => $is_ext,
            );
        };
        my @etc_dirs = ($RT::LocalEtcPath);
        push @etc_dirs, RT->PluginDirs('etc') if $is_ext;
        push @etc_dirs, $RT::EtcPath, @INC;
        local @INC = @etc_dirs;

        require $args{'File'};


It fails at the require.  I was lead to believe that $args{'File'} was
tainted.  But, I tested it with

sub is_tainted {
     return ! eval { eval("#" . substr(join("", @_), 0, 0)); 1};
}

and found that it was not tainted.

So I'm not sure what the problem is.

Thanks,

Bill
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.bestpractical.com/pipermail/rt-devel/attachments/20081005/5779874a/attachment.htm