perl-modperl mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Roberto C. Sánchez <robe...@connexer.com>
Subject Re: Trouble with mod_perl, Archive::Zip and taint mode
Date Fri, 30 May 2008 01:35:56 GMT
On Tue, May 27, 2008 at 05:48:14PM -0400, Perrin Harkins wrote:
> On Sun, May 25, 2008 at 3:45 PM, Roberto C. Sánchez
> > [Sun May 25 08:57:35 2008] [error] [asp] [11570] [error] error executing
> > code for include /var/www/templates/Photo_page_edit.tmpl: Insecure
> > dependency in open while running setgid at /usr/lib/perl/5.8/IO/File.pm
> > line 70. <--> ; compiled to SCALAR(0x91f6f24) at
> > /usr/share/perl5/Apache/ASP/Response.pm line 844. <--> ,
> > /usr/share/perl5/Apache/ASP.pm line 1521
> 
> You may be seeing the same problem that these people had:
> http://mail-archives.apache.org/mod_mbox/perl-modperl/200705.mbox/%3cD4E105722D20344AA9F50C624B1C24EE0B2E1932@LDNPCMEU301VEUA.INTRANET.BARCAPINT.COM%3e
> 
> If so, upgrading to Perl 5.8.8+ and mod_perl 2.0.3+ will probably fix it.
> 
That was it.  Etch already has Perl 5.8.8, but only mod_perl 2.0.2.
Updating to 2.0.4 cause that particular error to go away.  Of course I
have a different one now, but I am working on tracking it down.

> > P.S. The server running this site is Debian Etch, so unfortunately, I
> > cannot use Archive::Extract which is included in Perl 5.10.0.
> 
> Just because it's not part of the core perl libs doesn't mean you
> can't install it.  This problem is probably fixable by upgrading Perl
> or mod_perl though.
> 
Of course, except that if I install it, as soon as I upgrade the server
to the next Debian release, I will have a conflict.  That is why I was
trying to avoid installing it "out of band", so to speak.

Thanks for the tip on the mailing list thread.

Regards,

-Roberto

-- 
Roberto C. Sánchez
http://people.connexer.com/~roberto
http://www.connexer.com

Mime
View raw message