The mailing list for listmasters using Sympa

[David Verdin <address@concealed>]

Sorry : the citation was found in the perldiag manpage.

David Verdin a écrit :
> Hi Mark,
>
> Mark K a écrit :
> > I am getting this error now when trying to access the web interface.
> >   
> What do you mean by "now" ? What did you change recently in Sympa or 
> perl ?
> It's a fatal error due to the tainted mode activated while running 
> setuid.
>
> " Insecure dependency in %s
> (F) You tried to do something that the tainting mechanism didn’t like. 
> The tainting mechanism is turned on when you’re running
> setuid or setgid, or when you specify -T to turn it on explicitly. The 
> tainting mechanism labels all data that’s derived
> directly or indirectly from the user, who is considered to be unworthy 
> of your trust. If any such data is used in a "dangerous"
> operation, you get this error. See perlsec for more information.
> "
> > That line is :
> >  ## Read access to prevent "Bad file number" error on Solaris
> >     my $fh;
> > -->   unless (open $fh, $open_mode.$lock_file) {
> >         &do_log('err', 'Cannot open %s: %s', $lock_file, $!);
> >         return undef;
> >     }
> >
> > I am running mod_fcgid and have wwsympa-wrapper.fcgi setuid. Any hints?
> >   
> Give up the setuid mode. :)
> Setuid is no longer maintained and then considered insecure.
> You should use sudo or the C wrapper. The C wrapper will be the 
> default behaviour starting version 5.4.
> See: 
> https://www.sympa.org/wiki/manual/web-interface#wwsympa.fcgi_access_permissions 
>
>
> Regards,

--
David Verdin
Comité réseau des universités