[rt-users] issues with Taint mode?

Sullivan, Rob rsullivan at peerlessnetwork.com
Tue Jan 18 15:07:50 EST 2011


Resolved, thanks Alex for your post to the other webmux.pl thread.
Needed to comment out the perlswitches section of the mod_perl/apache
config.

 

From: rt-users-bounces at lists.bestpractical.com
[mailto:rt-users-bounces at lists.bestpractical.com] On Behalf Of Sullivan,
Rob
Sent: Thursday, January 13, 2011 6:18 PM
To: rt-users at lists.bestpractical.com
Subject: [rt-users] issues with Taint mode?

 

Greetings.  I'm setting up a new RT 3.8.8 instance in a Solaris 10 zone
with apache2.2/modperl2.03/Perl5.8.8 (all packages from blastwave).  All
deps are met and it builds fine.  Web server user /group is
nobody/nobody, perl -c RT_SiteConfig.pm checks out fine.  Apache fails
when starting when I add the PerlRequire /opt/rt3/bin/webmux.pl line in
the V-host entry with the following error:

 

[Thu Jan 13 17:44:25 2011] [error] Couldn't load RT config file
RT_SiteConfig.pm:\n\nInsecure dependency in require while running with
-T switch at /opt/rt3/bin/../lib/RT/Config.pm line 562.\nCompilation
failed in require at (eval 7) line 1.\n

[Thu Jan 13 17:44:25 2011] [error] Can't load Perl file:
/opt/rt3/bin/webmux.pl for server rt01.chi1.prlss.net:0, exiting...

 

So it appears that something (setuid?) is trigging taint mode with perl,
which causes the app to fail.  I should add that I've got RT3.6.6
working with the same build of perl in a different zone, though that RT
install also came from blastwave.  Same apache/perl/modperl version and
config.  Is there anything I can do in the config to suppress taint
mode, or is there something obvious I'm missing?  Here's the
httpd-vhost.conf entry

 

NameVirtualHost *:80

#

<VirtualHost *:80>

    ServerName rt01.chi1.prlss.net

    ServerAlias tt.prlss.net

    ServerAdmin rsullivan at peerlessnetwork.com

    DocumentRoot /opt/rt3/share/html/

#    ErrorLog "/var/opt/csw/apache2/log/RT-error_log"

#    CustomLog "/var/opt/csw/apache2/log/RT-access_log" common

#    PerlModule Apache::DBI

    AddDefaultCharset UTF-8

    PerlRequire /opt/rt3/bin/webmux.pl

    <Directory /opt/rt3/share/html>

        Order allow,deny

        Allow from all

        SetHandler perl-script

        PerlResponseHandler RT::Mason

    </Directory>

</VirtualHost>

 

Thanks,

 

Rob 

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.bestpractical.com/pipermail/rt-users/attachments/20110118/2e1eeda3/attachment.htm>


More information about the rt-users mailing list