perl-modperl mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Heiko Weber <he...@wecos.de>
Subject Re: Apache mod_perl Insecure dependency RegistryCooker.pm
Date Mon, 17 Jul 2006 08:30:45 GMT
Am Donnerstag, 13. Juli 2006 22:12 schrieb Philip M. Gollucci:
> Heiko Weber wrote:
> >>> cgi-code I must use a taited variable. But how to find the line of code
> >>> ?
> >
> > thanks for the hint. I added a <Perl>-section in httpd.conf:
> >         <Perl>
> >                 use Carp;
> >                 $SIG{__DIE__} = sub { confess shift };
> >                 $SIG{__WARN__} = \&Carp::cluck;
> >         </Perl>
> >
> > at /usr/local/etc/apache2/httpd.conf line 1061
> > (unknown)('Insecure dependency in eval while running setgid at
> > /usr/loca...') called at
> > /usr/local/lib/perl5/site_perl/5.8.7/mach/ModPerl/RegistryCooker.pm line
> > 676
>
> sadly thats the eval $$eval (which is your source code)
>
> what happens if you try the script from command line under -T and run it
> setgid. That might give you a better stack trace as that takes ModPerl::*
> out of the mix.

Didn't work, the warning seems to depend on the parameter passed to it.
(I use CGI.pm). Maybe it is one of the cookies or only on "POST" form data.
I was not able to reproduce the warning in any way. I added all parameter
from access_log to the comand line ...

Maybe I will have success in saving the CGI.pm state with 

$query->save(\*FILEHANDLE)

and later I can use the saved state to reproduce the warning.
Anyone know how to make a string-FILEHANDLE (like C++ strstream),
to save() into a string which could then be written into a database with
a sequence number ?

Heiko

Mime
View raw message