howdy folks:
i wanted to test out rt2 with vhosts and fstcgi. box is FreeBSD and has
suid perl enabled. perl, version 5.005_03. when i try to access the
web ui i get the following:
Insecure dependency in mkdir while running setgid at
/usr/libdata/perl/5.00503/File/Path.pm line 137, chunk 1.
Stack:
[/usr/libdata/perl/5.00503/File/Path.pm:137]
[/usr/local/lib/perl5/site_perl/5.005/HTML/Mason/Interp.pm:566]
[/usr/local/lib/perl5/site_perl/5.005/HTML/Mason/Interp.pm:258]
[/usr/local/lib/perl5/site_perl/5.005/HTML/Mason/Request.pm:174]
[/usr/local/lib/perl5/site_perl/5.005/HTML/Mason/Request.pm:138]
[/usr/local/lib/perl5/site_perl/5.005/Class/Container.pm:194]
[/usr/local/lib/perl5/site_perl/5.005/Class/Container.pm:257]
[/usr/local/lib/perl5/site_perl/5.005/HTML/Mason/Interp.pm:168]
[/usr/local/lib/perl5/site_perl/5.005/HTML/Mason/Interp.pm:162]
[/home/www/foo.com/rt/bin/mason_handler.fcgi:208]
vhost block of apache (1.3.26) looks like this:
DocumentRoot /home/www/foo.com/rt/WebRT/html
ServerName rt.foo.com
AddHandler fastcgi-script fcgi fcgi fpl
FastCgiServer /home/www/foo.com/rt/bin/mason_handler.fcgi
ScriptAlias / /home/www/foo.com/rt/mason_handler.fcgi/
Alias /NoAuth/images/rt.jpg
/home/www/foo.com/rt/WebRT/html/NoAuth/images/rt.jpg
http-err.log yields warning like this:
[Sat Sep 28 15:31:37 2002] [notice] FastCGI: process manager initialized
(pid 5653)
[Sat Sep 28 15:31:37 2002] [warn] FastCGI: server
"/home/www/foo.com/rt/bin/mason_handler.fcgi" started (pid 5654)
[Sat Sep 28 15:31:38 2002] [notice] Apache/1.3.26 (Unix)
mod_fastcgi/2.2.12 mod_ssl/2.8.10 OpenSSL/0.9.6e configured – resuming
normal operations
[Sat Sep 28 15:31:38 2002] [notice] Accept mutex: flock (Default: flock)
don’t know if this has relevance, but rt group is member of apache group
www and logs dir is chgrp’d to rt and chmod’d to 755. rt log file gets
ceated thusly however:
-rw------- 1 www rt 0 Sep 28 14:54 rt.log80
i’m not much of a perl person. anyone can give me a clue or two??
tia-- ken
I don’t know about the particular code, but in general if you need to
un-taint a perl variable, this is one way to do it:
$var =~ /^([^\000]*)$/;
It’s just one of those perl tricks, I guess. Maybe you just need to do
that on the whatever data is causing the problem.
But of course if the data really could be tainted, it might be better
to make sure it’s safe before handing it to mkdir. Perl’s pretty smart
about those things.
– Gary
Ken Gunderson wrote:
howdy folks:
i wanted to test out rt2 with vhosts and fstcgi. box is FreeBSD and
has suid perl enabled. perl, version 5.005_03. when i try to access
the web ui i get the following:
sorry to be following up on my own post, but just go it to work. i
thought it odd that the same config would work with mod_perl, but not
fastcgi. enabled special char view in vi and had a special char hiding
on end of my ScriptAlias line. gotta watch those cut and paste
jobs…
thanks to those who made suggestions.
regards-- ken
i should add that mod_perl works just fine- if i bring up mod_perl
version dirs are created. then i can bring up fastcgi version, and it
will use the dirs, but the mkdir perms or taint checks are foobared as
soon as you try to do something that needs to mkdir…
any ideas?
thanks-- kenOn Saturday 28 September 2002 04:01 pm, Ken Gunderson wrote:
howdy folks:
i wanted to test out rt2 with vhosts and fstcgi. box is FreeBSD and
has suid perl enabled. perl, version 5.005_03. when i try to access
the web ui i get the following:
Insecure dependency in mkdir while running setgid at
/usr/libdata/perl/5.00503/File/Path.pm line 137, chunk 1.
Stack:
[/usr/libdata/perl/5.00503/File/Path.pm:137]
[/usr/local/lib/perl5/site_perl/5.005/HTML/Mason/Interp.pm:566]
[/usr/local/lib/perl5/site_perl/5.005/HTML/Mason/Interp.pm:258]
[/usr/local/lib/perl5/site_perl/5.005/HTML/Mason/Request.pm:174]
[/usr/local/lib/perl5/site_perl/5.005/HTML/Mason/Request.pm:138]
[/usr/local/lib/perl5/site_perl/5.005/Class/Container.pm:194]
[/usr/local/lib/perl5/site_perl/5.005/Class/Container.pm:257]
[/usr/local/lib/perl5/site_perl/5.005/HTML/Mason/Interp.pm:168]
[/usr/local/lib/perl5/site_perl/5.005/HTML/Mason/Interp.pm:162]
[/home/www/foo.com/rt/bin/mason_handler.fcgi:208]
vhost block of apache (1.3.26) looks like this:
DocumentRoot /home/www/foo.com/rt/WebRT/html
ServerName rt.foo.com
AddHandler fastcgi-script fcgi fcgi fpl
FastCgiServer /home/www/foo.com/rt/bin/mason_handler.fcgi
ScriptAlias / /home/www/foo.com/rt/mason_handler.fcgi/
Alias /NoAuth/images/rt.jpg
/home/www/foo.com/rt/WebRT/html/NoAuth/images/rt.jpg
http-err.log yields warning like this:
[Sat Sep 28 15:31:37 2002] [notice] FastCGI: process manager
initialized (pid 5653)
[Sat Sep 28 15:31:37 2002] [warn] FastCGI: server
“/home/www/foo.com/rt/bin/mason_handler.fcgi” started (pid 5654)
[Sat Sep 28 15:31:38 2002] [notice] Apache/1.3.26 (Unix)
mod_fastcgi/2.2.12 mod_ssl/2.8.10 OpenSSL/0.9.6e configured –
resuming normal operations
[Sat Sep 28 15:31:38 2002] [notice] Accept mutex: flock (Default:
flock)
don’t know if this has relevance, but rt group is member of apache
group www and logs dir is chgrp’d to rt and chmod’d to 755. rt log
file gets ceated thusly however:
-rw------- 1 www rt 0 Sep 28 14:54 rt.log80
i’m not much of a perl person. anyone can give me a clue or two??
tia-- ken
rt-users mailing list
rt-users@lists.fsck.com
http://lists.fsck.com/mailman/listinfo/rt-users
Have you read the FAQ? The RT FAQ Manager lives at
http://fsck.com/rtfm
“KG” == Ken Gunderson ken@teamcool.net writes:
KG> howdy folks:
KG> i wanted to test out rt2 with vhosts and fstcgi. box is FreeBSD and has
KG> suid perl enabled. perl, version 5.005_03. when i try to access the
KG> web ui i get the following:
KG> Insecure dependency in mkdir while running setgid at
KG> /usr/libdata/perl/5.00503/File/Path.pm line 137, chunk 1.
For some reason, I see this on occasion when I start apache in some
arbitrary directory. If I run it from root’s home directory,
everything works fine. No idea why.
Vivek Khera, Ph.D. Khera Communications, Inc.
Internet: khera@kciLink.com Rockville, MD +1-240-453-8497
AIM: vivekkhera Y!: vivek_khera http://www.khera.org/~vivek/