[rt-users] RT 3.4.4 RedHat - "tained" data in webmux.pl
Goddard Lee
lee.goddard at easa.eu.int
Thu Jan 12 09:53:13 EST 2006
When running RT 3.4.4, clean install, on a Red Hat box, with Apache 2.0 mod_perl:
[Thu Jan 12 16:37:29 2006] [error] Insecure dependency in unlink while running with -T switch at /usr/local/lib/perl5/5.8.7/File/Path.pm line 267.\nCompilation failed in require at (eval 2) line 1.\n
[Thu Jan 12 16:37:29 2006] [error] Can't load Perl file: /opt/rt3/bin/webmux.pl for server crtd.easa.local:0, exiting...
The data can't actually be tainted, so inserting the following seems safe - doesn't it?
98 my ($path) = "$RT::MasonDataDir/obj/*" =~ /^.*$/;
99 rmtree([ bsd_glob($path) ], 0, 1);
Lee Goddard
Internet Application Analysis/Development
European Aviation Safety Agency
Administrative Directorate
E: Lee.Goddard at EASA.EU.int
T: +49 221 89990 3221
F: +49 221 89990 3721
W: www.easa.eu.int
:: Ottoplat 1, D-50679 Köln, Germany
More information about the rt-users
mailing list