[rt-users] Insecure dependency running setgid in Guts.pm
Jesse Vincent
jesse at bestpractical.com
Tue Apr 20 15:01:03 EDT 2004

Ok. Another workaround is to use Apache's suexec functionality, rather
than setgid perl. The author of Locale::Maketext hasn't been able to
track this issue yet.

On Tue, Apr 20, 2004 at 02:55:35PM -0400, Parish, Brent wrote:
> Hi.
>
> I saw this error on the list Thu 4/15/2004, reported on RH9. I am seeing this on Solaris 9, Perl 5.8.3, RT 3.0.10.
> I have seen this in several places, but this particular one (below) was while modifying a ticket and dropping a requestor from it.
> I upgraded Locale::Maketext to 1.09, but got the error again. I have a number of users (about 20) hitting the RT servers (there are 3, load balanced with persistent sessions behind a VIP) fairly regularly through the day. I see this error probably about three times an hour or more. Anyone have any ideas? Also, I only saw this error after upgrading to 3.0.10 (from 3.0.9 for performance).
>
> Thanks!
> Brent
>
> =========== ERROR =================
>
> error: Insecure dependency in eval while running setgid at /usr/local/lib/perl5/5.8.3/Locale/Maketext/Guts.pm line 247.
>
> context: ...
> 243: unshift @code, "use strict; sub {\n";
> 244: push @code, "}\n";
> 245:
> 246: print @code if DEBUG;
> 247: my $sub = eval(join '', @code);
> 248: die "$@ while evalling" . join('', @code) if $@; # Should be impossible.
> 249: return $sub;
> 250: }
> 251:
> ...
>
> code stack: /usr/local/lib/perl5/5.8.3/Locale/Maketext/Guts.pm:247
> /usr/local/lib/perl5/5.8.3/Locale/Maketext.pm:195
> /opt/rt3/lib/RT/CurrentUser.pm:360
> /opt/rt3/lib/RT/Base.pm:97
> /opt/rt3/lib/RT/Ticket_Overlay.pm:1601
> /opt/rt3/lib/RT/Interface/Web.pm:1265
> /opt/rt3/share/html/Ticket/ModifyPeople.html:49
> /opt/rt3/share/html/autohandler:195
>
> =========== END ERROR =================
>
>
> -----Original Message-----
> From: rt-users-bounces at lists.bestpractical.com
> [mailto:rt-users-bounces at lists.bestpractical.com]On Behalf Of Jesse
> Vincent
> Sent: Thursday, April 15, 2004 1:51 PM
> To: thuryn at aplis.cz
> Cc: rt-users at lists.bestpractical.com
> Subject: Re: [Rt-users] RT 3.0.10 on RH 9
>
>
>
> What version of Locale::Maketext are you running? If you upgrade to
> the latest version, does it go away?
>
> On Thu, Apr 15, 2004 at 11:39:52AM +0200, Tom Hurn wrote:
> > Hello,
> > I get the error below after upgrading RT to 3.0.10 and clicking on
> > https://rt.aplis.com/Admin/Global/Template.html?Queue=0&Template=14
> >
> >
> > Error:
> > Insecure dependency in eval while running setgid
> > at /usr/lib/perl5/5.8.0/Locale/Maketext/Guts.pm line 247.
> >
> >
> > Trace begun at /usr/lib/perl5/site_perl/5.8.0/HTML/Mason/Exceptions.pm line
> > 131
> > HTML::Mason::Exceptions::rethrow_exception('Insecure dependency in eval while
> > running setgid at /usr/lib/perl5/5.8.0/Locale/Maketext/Guts.pm line 247..^J')
> > called at /usr/lib/perl5/5.8.0/Locale/Maketext/Guts.pm line 247
> > Locale::Maketext::_compile('RT::I18N::cs=HASH(0x958aa80)', 'M-Zprava vzoru
> > [_1]') called at /usr/lib/perl5/5.8.0/Locale/Maketext.pm line 189
> > --
> > Tomáš Hurýn
> >
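The failure reported in this thread can be reproduced and narrowed down with the sketch below, which is an added example and not RT or Locale::Maketext code. It assumes taint mode is switched on with perl -T rather than by running setgid (so the message ends "with -T switch"), and compile_fragments, tainted_indexes and the message fragments are hypothetical names and constructed data.

```perl
# Added example (not RT or Locale::Maketext code). Run with: perl -T taint_eval.pl
use strict;
use warnings;
use Scalar::Util qw(tainted);

die "taint mode is off; run with perl -T\n" unless ${^TAINT};

# Constructed tainted value: a zero-length slice of $^X carries taint but no text.
my $TAINT = substr($^X, 0, 0);

# Same shape as the Guts.pm lines quoted in the report: wrap the generated
# fragments in "use strict; sub { ... }" and string-eval the joined result.
sub compile_fragments {
    my @code = @_;
    unshift @code, "use strict; sub {\n";
    push @code, "}\n";
    # The taint check dies before the string eval starts, so the inner eval
    # cannot trap it; an outer block eval is needed to see the message.
    my $sub = eval {
        my $s = eval(join '', @code);
        die $@ if $@;    # ordinary compile errors are passed on as well
        $s;
    };
    return ($sub, $@);
}

# Indexes of the fragments that make the joined string tainted.
sub tainted_indexes {
    my @code = @_;
    return grep { tainted($code[$_]) } 0 .. $#code;
}

# Hypothetical fragments for a template such as 'Zprava vzoru [_1]'.
my @clean = ("return join '', ", "'Zprava vzoru ', ", "\$_[1];\n");
my @dirty = @clean;
$dirty[1] .= $TAINT;    # simulate text that arrived from outside the program

for my $case ([clean => \@clean], [dirty => \@dirty]) {
    my ($name, $code) = @$case;
    my ($sub, $err) = compile_fragments(@$code);
    if ($sub) {
        print "$name: compiled, returns '", $sub->(undef, 14), "'\n";
    } else {
        chomp $err;
        print "$name: $err\n";
        print "$name: tainted fragment index(es): @{[ tainted_indexes(@$code) ]}\n";
    }
}
```

Calling a check like tainted_indexes just before the eval shows which piece of the generated code carries taint, which is the first thing to establish when tracing where the value entered the program.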