[rt-users] RT 3.4.4 RedHat - "tained" data in webmux.pl

Goddard Lee lee.goddard at easa.eu.int
Thu Jan 12 09:53:13 EST 2006


When running RT 3.4.4, clean install, on a Red Hat box, with Apache 2.0 mod_perl:

[Thu Jan 12 16:37:29 2006] [error] Insecure dependency in unlink while running with -T switch at /usr/local/lib/perl5/5.8.7/File/Path.pm line 267.\nCompilation failed in require at (eval 2) line 1.\n
[Thu Jan 12 16:37:29 2006] [error] Can't load Perl file: /opt/rt3/bin/webmux.pl for server crtd.easa.local:0, exiting...

The data can't actually be tainted, so inserting the following seems safe - doesn't it?

 98     my ($path) = "$RT::MasonDataDir/obj/*" =~ /^.*$/;
 99     rmtree([ bsd_glob($path) ], 0, 1);

Lee Goddard
Internet Application Analysis/Development
European Aviation Safety Agency
Administrative Directorate

E: Lee.Goddard at EASA.EU.int 
T: +49 221 89990 3221
F: +49 221 89990 3721
W: www.easa.eu.int
:: Ottoplat 1, D-50679 Köln, Germany



More information about the rt-users mailing list