[rt-users] webmux.pl - Insecure dependency in chdir while running with -T switch

Kim Pedersen lists at kimp.org
Tue Jan 18 08:39:00 EST 2011 

LOL - that figures :-)

Yes, the path and permissions is alright - I can switch to the Apache 
user and all the perl modules in "/usr/lib/perl5/5.10.1/File" are 444, 
with the path directories being 755

It's Line 250 in /usr/lib/perl5/5.10.1/File/Path.pm that throws off 
webmux.pl. Could it be some sort of RT/Webmux compatibility issue /bug 
with Mandriva Perl 5.10.1?
  - Again the live installation is running with the same version of 
Perl, and I've compared the Path.pm & webmux.pl files between systems 
and they are identical

--- /usr/lib/perl5/5.10.1/File/Path.pm ---
         if ( -d _ ) {
             $root = VMS::Filespec::pathify($root) if $Is_VMS;

Line 250    if (!chdir($root)) {
                 # see if we can escalate privileges to get in
                 # (e.g. funny protection mask such as -w- instead of rwx)
                 $perm &= 07777;
                 my $nperm = $perm | 0700;
                 if (!($arg->{safe} or $nperm == $perm or chmod($nperm, 
$root))) {
                     _error($arg, "cannot make child directory 
read-write-exec", $canon);
                     next ROOT_DIR;
                 }
                 elsif (!chdir($root)) {
                     _error($arg, "cannot chdir to child", $canon);
                     next ROOT_DIR;
                 }
             }
---------------------------------------


Kim P

On 2011-01-18 08:25, Schincke, Keith D. (JSC-IT)[DB Consulting Group, 
Inc.] wrote:
> My typo. It should have been "perl module".
>
> Is the path to/usr/lib/perl5/5.10.1/File/Path.pm readable by the apache user? Each of the directories should be 755 with the perl module being 644.
>
> I sometimes get DAG modules installing with a 750 and 640 respectively. Everything passes as root but fails as a user.
>
> Keith
> ________________________________________
> From: rt-users-bounces at lists.bestpractical.com [rt-users-bounces at lists.bestpractical.com] On Behalf Of Kim Pedersen [lists at kimp.org]
> Sent: Tuesday, January 18, 2011 12:48 AM
> Cc: rt-users at lists.bestpractical.com
> Subject: Re: [rt-users] webmux.pl - Insecure dependency in chdir while running with -T switch
>
> Hi Keith,
>
> I am not sure I understand 100% what permissions to the "perl mode" means.
>
> But the line calling File::Path in /usr/sbin/webmux.pl refers to "$RT::MasonDataDir", which points to /var/cache/rt/mason_data/.
>
> The content and permissions of that folder is the following:
>
> drwxrwx--- 5 apache apache 38 2011-01-18 01:06 ./
> drwxr-xr-x 4 root   root   42 2011-01-18 01:06 ../
> drwxrwx--- 2 apache apache  6 2011-01-18 01:06 cache/
> drwxrwx--- 2 apache apache  6 2011-01-18 01:06 etc/
> drwxrwx--- 3 apache apache 50 2011-01-18 01:06 obj/
>
> The "obj" dir has session related files in it (That are recreated by apache if I empty the folders) all created by apache, and apache also has the permissions to delete the files
>
>
> It looks like webmux.pl is trying to clean out the /var/cache/rt/mason_data/obj folder and failing for some reason, with "Insecure dependency in mkdir while running with -T switch at /usr/lib/perl5/5.10.1/File/Path.pm line 108, line 2. "
>
> if ( $ENV{'MOD_PERL'}&&  !RT->Config->Get('DevelMode')) {
>      # Under static_source, we need to purge the component cache
>      # each time we restart, so newer components may be reloaded.
>      #
>      # We can't do this in FastCGI or we'll blow away the component
>      # root _every_ time a new server starts which happens every few
>      # hits.
>
>      require File::Path;
>      require File::Glob;
>      my @files = File::Glob::bsd_glob("$RT::MasonDataDir/obj/*");
>      File::Path::rmtree([ @files ], 0, 1) if @files;
> }
>
> 1;
>
>
> Kim P
>
>
>
>
> On 2011-01-18 02:32, Schincke, Keith D. (JSC-IT)[DB Consulting Group, Inc.] wrote:
> What are the directory permissions to the perl mode?
> One of the directories or the Path.pm file may not allow the web process to access the file.
>
> Keith
>
>
> Sent from my Verizon Wireless Phone
>
> ----- Reply message -----
> From: "Kim Pedersen"<lists at kimp.org><mailto:lists at kimp.org>
> Date: Mon, Jan 17, 2011 11:28 pm
> Subject: [rt-users] webmux.pl - Insecure dependency in chdir while running with -T switch
> To: "rt-users at lists.bestpractical.com"<mailto:rt-users at lists.bestpractical.com>  <rt-users at lists.bestpractical.com><mailto:rt-users at lists.bestpractical.com>
>
>
> Hi everyone,.
>
> I am installing a cloned copy of our live 3.8.8 RT installation (To test
> a restoration/reinstallation and later to play with the 3.9.4 release).
>
> The new server is running Apache 2.2.15 with mod_perl 2.0.4 on Mandriva
> 2010.1 x64, with Postgresql 9.0 - which is the same as the live server.
>
> And the RT version is installed from RPM (built from a modified Mandriva
> .spec file, updated to work with 3.8.8)
>
> After installing RT I can't start Apache any longer and I am stuck with
> the following problem in my apache log:
>
> [error] Insecure dependency in chdir while running with -T switch at
> /usr/lib/perl5/5.10.1/File/Path.pm line 250.\nCompilation failed in
> require at (eval 2) line 1.\n
> [error] Can't load Perl file: /usr/sbin/webmux.pl for server
> www.testserver.com:0<http://www.testserver.com:0>, exiting...
>
>
> If I run webmux.pl manually as root, there are no Perl errors. A "make
> testdeps" from the RT sources show all dependencies being okay as well.
> The RT config files are the same as on the live server -  File::Path is
> called at the end of webmux.pl, but I am just lost for what to look for
> / how to troubleshoot this.
>
>
> Any hints / pointers?
>
>
> Regards
>
> Kim P
>
>
>

More information about the rt-users mailing list