[rt-users] Warning - perl idiot here

Robert Grasso robert.grasso+nv at cedrat.com
Fri Jul 30 11:25:31 EDT 2010 

Hi,

My rights on /opt/rt3/etc/RT_Config.pm are 440 (should be the stock ones); now, from man perldoc :

SECURITY
       Because perldoc does not run properly tainted, and is known to have security issues, when
       run as the superuser it will attempt to drop privileges by setting the effective and real
       IDs to nobody’s or nouser’s account, or -2 if unavailable.  If it cannot relinquish its
       privileges, it will not run.

If I chmod 444 /opt/rt3/etc/RT_Config.pm, then perldoc (running as root) is able to display it, whereas before it failed as yours
did.

Hope this helps

---
Robert GRASSO – System engineer

CEDRAT S.A.
15 Chemin de Malacher - Inovallée - 38246 MEYLAN cedex - FRANCE 
Phone: +33 (0)4 76 90 50 45 - Fax: +33 (0)4 56 38 08 30
mailto:robert.grasso at cedrat.com - http://www.cedrat.com  

> -----Message d'origine-----
> De : rt-users-bounces at lists.bestpractical.com 
> [mailto:rt-users-bounces at lists.bestpractical.com] De la part 
> de Michael James
> Envoyé : 29 juillet 2010 21:26
> Cc : <RT Users
> Objet : Re: [rt-users] Warning - perl idiot here
> 
> Returns nothing. Ah well, I'll just read the darned file and 
> skip over the pod formatting. Thanks for the suggestion.
> 
> Mike
> 
> tracker:~ # perldoc -F /opt/rt3/etc/RT_Config.pm
> tracker:~ #
> 
> >>> Todd Chapman <todd at chaka.net> 7/29/2010 3:06 PM >>>
> Try: perldoc -F
> 
> On Thu, Jul 29, 2010 at 1:55 PM, Michael James
> <MJames at stonebridgebank.com> wrote:
> > How come I can't view the documentation with RT_Config.pm 
> using perldoc?
> >
> > tracker:~ # perldoc /opt/rt3/etc/RT_Config.pm
> > Can't open /opt/rt3/etc/RT_Config.pm: Permission denied at 
> /usr/lib/perl5/5.8.8/Pod/Perldoc.pm line 1380.
> >
> > Mike
> >
> >
> > The information in this message may be proprietary and/or 
> confidential, and protected from disclosure. If the reader of 
> this message is not the intended recipient, or an employee or 
> agent responsible for delivering this message to the intended 
> recipient, you are hereby notified that any dissemination, 
> distribution or copying of this communication is strictly 
> prohibited. If you have received this communication in error, 
> please notify Stonebridge Bank immediately by replying to 
> this message and deleting it from your computer.
> >
> > Discover RT's hidden secrets with RT Essentials from O'Reilly Media.
> > Buy a copy at http://rtbook.bestpractical.com 
> >
> 
> 
> The information in this message may be proprietary and/or 
> confidential, and protected from disclosure. If the reader of 
> this message is not the intended recipient, or an employee or 
> agent responsible for delivering this message to the intended 
> recipient, you are hereby notified that any dissemination, 
> distribution or copying of this communication is strictly 
> prohibited. If you have received this communication in error, 
> please notify Stonebridge Bank immediately by replying to 
> this message and deleting it from your computer.
> 
> Discover RT's hidden secrets with RT Essentials from O'Reilly Media.
> Buy a copy at http://rtbook.bestpractical.com
>

More information about the rt-users mailing list