[rt-users] little help w/ fastcgi please...
Gary Oberbrunner
garyo at genarts.com
Sat Sep 28 18:10:21 EDT 2002
I don't know about the particular code, but in general if you need to
un-taint a perl variable, this is one way to do it:
$var =~ /^([^\000]*)$/;
It's just one of those perl tricks, I guess. Maybe you just need to do
that on the whatever data is causing the problem.
But of course if the data really *could* be tainted, it might be better
to make sure it's safe before handing it to mkdir. Perl's pretty smart
about those things.
-- Gary
Ken Gunderson wrote:
> howdy folks:
>
> i wanted to test out rt2 with vhosts and fstcgi. box is FreeBSD and has
> suid perl enabled. perl, version 5.005_03. when i try to access the
> web ui i get the following:
>
> Insecure dependency in mkdir while running setgid at
> /usr/libdata/perl/5.00503/File/Path.pm line 137, chunk 1.
>
> Stack:
> [/usr/libdata/perl/5.00503/File/Path.pm:137]
> [/usr/local/lib/perl5/site_perl/5.005/HTML/Mason/Interp.pm:566]
> [/usr/local/lib/perl5/site_perl/5.005/HTML/Mason/Interp.pm:258]
> [/usr/local/lib/perl5/site_perl/5.005/HTML/Mason/Request.pm:174]
> [/usr/local/lib/perl5/site_perl/5.005/HTML/Mason/Request.pm:138]
> [/usr/local/lib/perl5/site_perl/5.005/Class/Container.pm:194]
> [/usr/local/lib/perl5/site_perl/5.005/Class/Container.pm:257]
> [/usr/local/lib/perl5/site_perl/5.005/HTML/Mason/Interp.pm:168]
> [/usr/local/lib/perl5/site_perl/5.005/HTML/Mason/Interp.pm:162]
> [/home/www/foo.com/rt/bin/mason_handler.fcgi:208]
More information about the rt-users
mailing list