Subject: The mailing list for listmasters using Sympa
Re: [sympa-users] Insecure dependency in open while running setuid
- From: Mark K <address@concealed>
- To: address@concealed
- Subject: Re: [sympa-users] Insecure dependency in open while running setuid
- Date: Wed, 12 Dec 2007 15:25:17 +0000
wwsympa-wrapper.fcgi *is* the C wrapper setuid as recommended going
forward from v5.4.

The only thing that changed was adding a list and
the create_list_template that I had made was flawed so there was an
error in the web_archive:access setting. I edited the list config file
manually. Perhaps that caused an issue with the lock?

On Wed, 12 Dec 2007 11:07:12 +0100
David Verdin <address@concealed> wrote:
> Sorry: the citation was found in the perldiag manpage.
>
> David Verdin wrote:
> > Hi Mark,
> >
> > Mark K wrote:
> >> I am getting this error now when trying to access the web
> >> interface.
> > What do you mean by "now"? What did you change recently in Sympa
> > or perl?
> > It's a fatal error due to the tainted mode activated while running
> > setuid.
> >
> > " Insecure dependency in %s
> > (F) You tried to do something that the tainting mechanism didn’t
> > like. The tainting mechanism is turned on when you’re running
> > setuid or setgid, or when you specify -T to turn it on explicitly.
> > The tainting mechanism labels all data that’s derived
> > directly or indirectly from the user, who is considered to be
> > unworthy of your trust. If any such data is used in a "dangerous"
> > operation, you get this error. See perlsec for more information.
> > "
> >> That line is:
> >>     ## Read access to prevent "Bad file number" error on Solaris
> >>     my $fh;
> >> --> unless (open $fh, $open_mode.$lock_file) {
> >>         &do_log('err', 'Cannot open %s: %s', $lock_file, $!);
> >>         return undef;
> >>     }
> >>
> >> I am running mod_fcgid and have wwsympa-wrapper.fcgi setuid. Any
> >> hints?
> > Give up the setuid mode. :)
> > Setuid is no longer maintained and is therefore considered insecure.
> > You should use sudo or the C wrapper. The C wrapper will be the
> > default behaviour starting version 5.4.
> > See:
> > https://www.sympa.org/wiki/manual/web-interface#wwsympa.fcgi_access_permissions
> >
> >
> >
> > Regards,
> >
>
--
Mark K
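
As an added illustration of the perldiag text quoted in this message (not code from Sympa or from the posters, and not a diagnosis of this installation), the Perl script below shows a 2-argument write-mode open dying on a tainted path, then succeeding once the path is validated by a regex capture and passed to a 3-argument open. The file name, the /tmp pattern and the '>>' mode are assumptions; run it with perl -T, where the message reads "while running with -T switch" instead of "while running setuid".

```perl
#!/usr/bin/perl -T
# Added example. Run as: perl -T taint_open_demo.pl
use strict;
use warnings;

die "Taint mode is off; run with perl -T\n" unless ${^TAINT};

# Constructed input: substr($^X, 0, 0) is an empty but tainted string, so
# appending it marks the path as user-derived without changing its value.
my $base      = "/tmp/taint-demo-$$.lock";      # constructed path
my $lock_file = $base . substr($^X, 0, 0);      # same path, now tainted
my $open_mode = '>>';                           # assumed write mode

# Same shape as the open quoted in the thread: mode and path concatenated
# into a 2-argument open. A write mode plus a tainted path is fatal.
sub open_unchecked {
    my ($mode, $path) = @_;
    open my $fh, $mode . $path or die "Cannot open $path: $!\n";
    return $fh;
}

# Validate the path against an allow-list pattern (an assumption for this
# demo); the captured substring is untainted, as described in perlsec.
# The 3-argument open keeps the mode separate from the path.
sub open_checked {
    my ($mode, $path) = @_;
    my ($clean) = $path =~ m{\A(/tmp/[\w.-]+\.lock)\z}
        or die "Refusing lock path: $path\n";
    open my $fh, $mode, $clean or die "Cannot open $clean: $!\n";
    return $fh;
}

my $fh = eval { open_unchecked($open_mode, $lock_file) };
print "2-arg open, tainted path:   ", ($fh ? "opened\n" : "died: $@");

$fh = eval { open_checked($open_mode, $lock_file) };
print "3-arg open, validated path: ", ($fh ? "opened\n" : "died: $@");

close $fh if $fh;
unlink $base;
```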