[rt-users] Insecure dependency in eval..

Glen Gyldersleve Glen at canright.com
Thu Dec 30 17:39:42 EST 2004 

RT 3.2.2

I have nothing in rt/bin setuid (I did a generic make install).

I re-ran a quick make-install (backed up and copied over the site
config).

ls -l bin
total 124
-rwxr-xr-x  1 root rt    3069 Dec 29 16:48 mason_handler.fcgi
-rw-r--r--  1 root root  2288 Dec 29 16:48 mason_handler.scgi
-rwxr-xr-x  1 root rt    7712 Dec 29 16:48 mason_handler.svc
-rwxr-xr-x  1 root rt   54275 Dec 29 16:48 rt
-rwxr-xr-x  1 root rt    7459 Dec 29 16:48 rt-crontool
-rwxr-xr-x  1 root rt   21568 Dec 29 16:48 rt-mailgate
-rw-r--r--  1 root root  6815 Dec 29 16:48 standalone_httpd
-rwxr-xr-x  1 root rt    4209 Dec 29 16:48 webmux.pl

Still getting errors:

error:   	Insecure dependency in require while running with -T
switch at
/usr/lib/perl5/site_perl/5.8.5/Apache/Session/Serialize/Storable.pm line
21
context:  	
...  	
197:  	# whether they should generate a full stack trace (confess() and
cluck())
198:  	# or simply report the caller's package (croak() and carp()),
respectively.
199:  	# confess() and croak() die, carp() and cluck() warn.
200:  	
201:  	sub croak { die shortmess @_ }
202:  	sub confess { die longmess @_ }
203:  	sub carp { warn shortmess @_ }
204:  	sub cluck { warn longmess @_ }
205:  	
...  	
code stack:  	/usr/lib/perl5/5.8.5/Carp.pm:201
/usr/lib/perl5/5.8.5/AutoLoader.pm:112
/usr/lib/perl5/site_perl/5.8.5/Apache/Session/Serialize/Storable.pm:21
/usr/lib/perl5/site_perl/5.8.5/Apache/Session.pm:522
/usr/lib/perl5/site_perl/5.8.5/Apache/Session.pm:477
/usr/lib/perl5/site_perl/5.8.5/HTML/Mason/Request.pm:1078


Glen Gyldersleve
Account Manager
Canright Systems, Inc
(503) 968-9898 x425



> -----Original Message-----
> From: Jesse Vincent [mailto:jesse at bestpractical.com] 
> Sent: Thursday, December 30, 2004 1:35 PM
> To: Glen Gyldersleve
> Cc: rt-users at lists.bestpractical.com
> Subject: Re: [rt-users] Insecure dependency in eval..
> 
> 
> What version of RT are you running? RT 3.2 and newer give you 
> new instructions about how to not run setuid, due to issues like this.
> 
> 	-jesse
> 
> 
> On Thu, Dec 30, 2004 at 11:38:33AM -0800, Glen Gyldersleve wrote:
> > I'm getting an error when trying to create a new ticket.
> > 
> > 
> > System error
> > error:  	Insecure dependency in eval while running with -T switch
> > at /usr/lib/perl5/5.8.5/Locale/Maketext/Guts.pm line 247.
> > context:  	
> > ...  	
> > 243:  	unshift @code, "use strict; sub {\n";
> > 244:  	push @code, "}\n";
> > 245:  	
> > 246:  	print @code if DEBUG;
> > 247:  	my $sub = eval(join '', @code);
> > 248:  	die "$@ while evalling" . join('', @code) if 
> $@; # Should be
> > impossible.
> > 249:  	return $sub;
> > 250:  	}
> > 251:  	
> > ...  	
> > code stack:  	/usr/lib/perl5/5.8.5/Locale/Maketext/Guts.pm:247
> > /usr/lib/perl5/5.8.5/Locale/Maketext.pm:196
> > /usr/local/rt/lib/RT/CurrentUser.pm:398
> > /usr/local/rt/lib/RT/Base.pm:119 
> > /usr/local/rt/lib/RT/Ticket_Overlay.pm:1570
> > /usr/local/rt/lib/RT/Ticket_Overlay.pm:657
> > /usr/local/rt/lib/RT/Interface/Web.pm:340
> > /usr/local/rt/share/html/Ticket/Display.html:101
> > /usr/local/rt/share/html/Ticket/Create.html:279
> > /usr/local/rt/share/html/autohandler:221	
> > 
> > Glen Gyldersleve
> > Account Manager
> > Canright Systems, Inc
> > (503) 968-9898 x425
> > 
> > _______________________________________________
> > http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users
> > 
> > Be sure to check out the RT wiki at http://wiki.bestpractical.com
> > 
> 
> -- 
>

More information about the rt-users mailing list