Webmux.pl - Insecure dependency in chdir while running with -T switch

Hi everyone,

I am installing a cloned copy of our live 3.8.8 RT installation (To test
a restoration/reinstallation and later to play with the 3.9.4 release).

The new server is running Apache 2.2.15 with mod_perl 2.0.4 on Mandriva
2010.1 x64, with Postgresql 9.0 - which is the same as the live server.

And the RT version is installed from RPM (built from a modified Mandriva
.spec file, updated to work with 3.8.8)

After installing RT I can’t start Apache any longer and I am stuck with
the following problem in my apache log:

[error] Insecure dependency in chdir while running with -T switch at
/usr/lib/perl5/5.10.1/File/Path.pm line 250.\nCompilation failed in
require at (eval 2) line 1.\n
[error] Can’t load Perl file: /usr/sbin/webmux.pl for server
www.testserver.com:0, exiting…

If I run webmux.pl manually as root, there are no Perl errors. A “make
testdeps” from the RT sources shows all dependencies being okay as well.
The RT config files are the same as on the live server - File::Path is
called at the end of webmux.pl, but I am just lost for what to look for
/ how to troubleshoot this.

Any hints / pointers?

Regards

Kim P

What are the directory permissions to the perl mode?
One of the directories or the Path.pm file may not allow the web process to access the file.

Keith

----- Reply message -----
From: "Kim Pedersen" <lists@kimp.org>
Date: Mon, Jan 17, 2011 11:28 pm
Subject: [rt-users] webmux.pl - Insecure dependency in chdir while running with -T switch
To: "rt-users@lists.bestpractical.com" <rt-users@lists.bestpractical.com>

Hi everyone,

I am installing a cloned copy of our live 3.8.8 RT installation (To test
a restoration/reinstallation and later to play with the 3.9.4 release).

The new server is running Apache 2.2.15 with mod_perl 2.0.4 on Mandriva
2010.1 x64, with Postgresql 9.0 - which is the same as the live server.

And the RT version is installed from RPM (built from a modified Mandriva
.spec file, updated to work with 3.8.8)

After installing RT I can’t start Apache any longer and I am stuck with
the following problem in my apache log:

[error] Insecure dependency in chdir while running with -T switch at
/usr/lib/perl5/5.10.1/File/Path.pm line 250.\nCompilation failed in
require at (eval 2) line 1.\n
[error] Can’t load Perl file: /usr/sbin/webmux.pl for server
www.testserver.com:0, exiting…

If I run webmux.pl manually as root, there are no Perl errors. A “make
testdeps” from the RT sources shows all dependencies being okay as well.
The RT config files are the same as on the live server - File::Path is
called at the end of webmux.pl, but I am just lost for what to look for
/ how to troubleshoot this.

Any hints / pointers?

Regards

Kim P

Hi Keith,

I am not sure I understand 100% what permissions to the "perl mode"
means.

But the line calling File::Path in /usr/sbin/webmux.pl refers to
"$RT::MasonDataDir", which points to /var/cache/rt/mason_data/.

The content and permissions of that folder are the following:

drwxrwx--- 5 apache apache 38 2011-01-18 01:06 ./
drwxr-xr-x 4 root   root   42 2011-01-18 01:06 ../
drwxrwx--- 2 apache apache  6 2011-01-18 01:06 cache/
drwxrwx--- 2 apache apache  6 2011-01-18 01:06 etc/
drwxrwx--- 3 apache apache 50 2011-01-18 01:06 obj/

The "obj" dir has session related files in it (That are recreated
by apache if I empty the folders) all created by apache, and
apache also has the permissions to delete the files

It looks like webmux.pl is trying to clean out the
/var/cache/rt/mason_data/obj folder and failing for some reason,
with "Insecure dependency in mkdir while running with -T switch at
/usr/lib/perl5/5.10.1/File/Path.pm line 108, line 2."

if ( $ENV{'MOD_PERL'} && !RT->Config->Get('DevelMode')) {
    # Under static_source, we need to purge the component cache
    # each time we restart, so newer components may be reloaded.
    #
    # We can't do this in FastCGI or we'll blow away the component
    # root _every_ time a new server starts which happens every few
    # hits.

    require File::Path;
    require File::Glob;
    my @files = File::Glob::bsd_glob("$RT::MasonDataDir/obj/*");
    File::Path::rmtree([ @files ], 0, 1) if @files;
}

1;
Kim P

On 2011-01-18 02:32, Schincke, Keith D. (JSC-IT)[DB Consulting Group, Inc.] wrote:

What are the directory permissions to the perl mode?
One of the directories or the Path.pm file may not allow the web
process to access the file.

Keith


[error] Insecure dependency in chdir while running with -T switch at
/usr/lib/perl5/5.10.1/File/Path.pm line 250.\nCompilation failed in
require at (eval 2) line 1.\n

We don’t support running RT under “taint mode.” Remove the
PerlTaintCheck line from your mod_perl configuration.

 - Alex

My typo. It should have been “perl module”.

Is the path to /usr/lib/perl5/5.10.1/File/Path.pm readable by the apache user? Each of the directories should be 755 with the perl module being 644.

I sometimes get DAG modules installing with a 750 and 640 respectively. Everything passes as root but fails as a user.

Keith

From: rt-users-bounces@lists.bestpractical.com [rt-users-bounces@lists.bestpractical.com] On Behalf Of Kim Pedersen [lists@kimp.org]
Sent: Tuesday, January 18, 2011 12:48 AM
Cc: rt-users@lists.bestpractical.com
Subject: Re: [rt-users] webmux.pl - Insecure dependency in chdir while running with -T switch

Hi Keith,

I am not sure I understand 100% what permissions to the “perl mode” means.

But the line calling File::Path in /usr/sbin/webmux.pl refers to “$RT::MasonDataDir”, which points to /var/cache/rt/mason_data/.

The content and permissions of that folder are the following:

drwxrwx--- 5 apache apache 38 2011-01-18 01:06 ./
drwxr-xr-x 4 root   root   42 2011-01-18 01:06 ../
drwxrwx--- 2 apache apache  6 2011-01-18 01:06 cache/
drwxrwx--- 2 apache apache  6 2011-01-18 01:06 etc/
drwxrwx--- 3 apache apache 50 2011-01-18 01:06 obj/

The “obj” dir has session related files in it (That are recreated by apache if I empty the folders) all created by apache, and apache also has the permissions to delete the files

It looks like webmux.pl is trying to clean out the /var/cache/rt/mason_data/obj folder and failing for some reason, with "Insecure dependency in mkdir while running with -T switch at /usr/lib/perl5/5.10.1/File/Path.pm line 108, line 2. "

if ( $ENV{'MOD_PERL'} && !RT->Config->Get('DevelMode')) {
    # Under static_source, we need to purge the component cache
    # each time we restart, so newer components may be reloaded.
    #
    # We can't do this in FastCGI or we'll blow away the component
    # root _every_ time a new server starts which happens every few
    # hits.

    require File::Path;
    require File::Glob;
    my @files = File::Glob::bsd_glob("$RT::MasonDataDir/obj/*");
    File::Path::rmtree([ @files ], 0, 1) if @files;
}

1;

Kim P

LOL - that figures :-)

Yes, the path and permissions are alright - I can switch to the Apache
user and all the perl modules in “/usr/lib/perl5/5.10.1/File” are 444,
with the path directories being 755

It’s Line 250 in /usr/lib/perl5/5.10.1/File/Path.pm that throws off
webmux.pl. Could it be some sort of RT/Webmux compatibility issue/bug
with Mandriva Perl 5.10.1?

 - Again the live installation is running with the same version of
   Perl, and I’ve compared the Path.pm & webmux.pl files between systems
   and they are identical

--- /usr/lib/perl5/5.10.1/File/Path.pm ---

    if ( -d _ ) {
        $root = VMS::Filespec::pathify($root) if $Is_VMS;

        if (!chdir($root)) {    # Line 250
            # see if we can escalate privileges to get in
            # (e.g. funny protection mask such as -w- instead of rwx)
            $perm &= 07777;
            my $nperm = $perm | 0700;
            if (!($arg->{safe} or $nperm == $perm or chmod($nperm, $root))) {
                _error($arg, "cannot make child directory read-write-exec", $canon);
                next ROOT_DIR;
            }
            elsif (!chdir($root)) {
                _error($arg, "cannot chdir to child", $canon);
                next ROOT_DIR;
            }
        }

Kim P

On 2011-01-18 08:25, Schincke, Keith D. (JSC-IT)[DB Consulting Group, Inc.] wrote:

My typo. It should have been “perl module”.

Is the path to /usr/lib/perl5/5.10.1/File/Path.pm readable by the apache user? Each of the directories should be 755 with the perl module being 644.

I sometimes get DAG modules installing with a 750 and 640 respectively. Everything passes as root but fails as a user.

Keith



From what I understand of Taint (-T) mode, this has nothing to do with directory permissions, and everything to do with trying to chdir to a variable (representing a directory) that has been marked as being unsafe, i.e. from user input.

See “perldoc perldiag” to find the error message, which then leads you to “perldoc perlsec” for more about taint mode.

That said, I don’t know, inside RT, the appropriate way to deal with this.

Josh Narins
Director of Application Development
SeniorBridge
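Added example, not code from RT, File::Path or anyone in this thread: it runs the glob-then-rmtree call shape from the webmux.pl snippet under `perl -T` in a scratch directory, reports whether each globbed path is tainted and what rmtree does with it, then repeats the call with paths untainted through a regex capture. The `/tmp/taint_demo_$$` location, the `purge` helper and the directory names are constructed for illustration and assume a Unix-like system.

```perl
#!/usr/bin/perl -T
# Added example, not RT or File::Path code. Run as: perl -T taint_rmtree.pl
use strict;
use warnings;
use File::Glob ();
use File::Path ();
use Scalar::Util qw(tainted);

die "Taint mode is off; run with perl -T\n" unless ${^TAINT};

# Constructed stand-in for $RT::MasonDataDir (assumes a Unix-like /tmp).
# mkdir fails if the name already exists, so nothing foreign is touched.
my $data_dir = "/tmp/taint_demo_$$";
mkdir $data_dir, 0700 or die "mkdir $data_dir: $!\n";
mkdir "$data_dir/obj" or die "mkdir $data_dir/obj: $!\n";
for my $name (qw(standard 1295327160)) {    # constructed cache entries
    mkdir "$data_dir/obj/$name" or die "mkdir $name: $!\n";
}

# Same call shape as the webmux.pl snippet: rmtree(list, verbose=0, safe=1).
# eval turns a taint violation into a message instead of ending the script.
sub purge {
    my (@roots) = @_;
    my $ok = eval { File::Path::rmtree( [@roots], 0, 1 ); 1 };
    return $ok ? "ok\n" : "died: $@";
}

# Paths returned by the glob come from the filesystem, not from the script.
my @files = File::Glob::bsd_glob("$data_dir/obj/*");
printf "%-36s tainted=%s\n", $_, ( tainted($_) ? 'yes' : 'no' ) for @files;
print "rmtree on glob results:    ", purge(@files);

# Untaint by capturing against the exact shape expected: one component
# directly below our own obj/ directory, never "." or "..".
my @clean;
for my $path (@files) {
    push @clean, $1
        if $path =~ m{\A(\Q$data_dir\E/obj/(?!\.\.?\z)[A-Za-z0-9_.-]+)\z};
}
print "rmtree on untainted paths: ", purge(@clean);

# Remove the scratch directories; both names are untainted literals.
rmdir "$data_dir/obj" or warn "rmdir obj: $!\n";
rmdir $data_dir       or warn "rmdir $data_dir: $!\n";
```

With taint mode active, the first call is expected to stop with the same "Insecure dependency in chdir" message seen in the Apache log above, because rmtree passes each caller-supplied root to chdir.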

Hi Josh,

Thanks for your input - I’ve just about come to the same point as well,
but don’t know how to “fix” either :-/

Kim

    When the taint mode ("-T") is in effect, the "." directory is removed
    from @INC, and the environment variables "PERL5LIB" and "PERLLIB" are
    ignored by Perl. You can still adjust @INC from outside the program by
    using the "-I" command line option as explained in perlrun. The two
    environment variables are ignored because they are obscured, and a user
    running a program could be unaware that they are set, whereas the "-I"
    option is clearly visible and therefore permitted.

    Another way to modify @INC without modifying the program, is to use the
    "lib" pragma, e.g.:

      perl -Mlib=/foo program

    The benefit of using "-Mlib=/foo" over "-I/foo", is that the former
    will automagically remove any duplicated directories, while the later
    will not.

    Note that if a tainted string is added to @INC, the following problem
    will be reported:

      Insecure dependency in require while running with -T switch

  Cleaning Up Your Path
    For "Insecure $ENV{PATH}" messages, you need to set $ENV{'PATH'} to a
    known value, and each directory in the path must be absolute and
    non-writable by others than its owner and group. You may be surprised to
    get this message even if the pathname to your executable is fully
    qualified. This is *not* generated because you didn't supply a full path
    to the program; instead, it's generated because you never set your PATH
    environment variable, or you didn't set it to something that was safe.
    Because Perl can't guarantee that the executable in question isn't
    itself going to turn around and execute some other program that is
    dependent on your PATH, it makes sure you set the PATH.

On 2011-01-18 09:47, Josh Narins wrote:

From what I understand of Taint (-T) mode, this has nothing to do with directory permissions, and everything to do with trying to chdir to a variable (representing a directory) that has been marked as being unsafe, i.e. from user input.

See “perldoc perldiag” to find the error message, which then leads you to “perldoc perlsec” for more about taint mode.

That said, I don’t know, inside RT, the appropriate way to deal with this.

Josh Narins

Hi Alex,

Thank you for that clarification.

I went grepping for the PerlTaintCheck line in the config files, and it
is nowhere to be found.

I did find the -T option to perl under Mandriva’s mod_perl config file,
but it was already set to not be enabled.

This is obviously distribution specific - I am not sure if a default has
changed somewhere or what. I moved the RT installation to another server
(Supposedly identical as well), and things are working fine there.

Thank you for your input everyone, I’ll leave it at that.

Regards,

Kim P

On 2011-01-18 04:35, Alex Vandiver wrote:

On Tue, 2011-01-18 at 01:27 -0400, Kim Pedersen wrote:

[error] Insecure dependency in chdir while running with -T switch at
/usr/lib/perl5/5.10.1/File/Path.pm line 250.\nCompilation failed in
require at (eval 2) line 1.\n

We don’t support running RT under “taint mode.” Remove the
PerlTaintCheck line from your mod_perl configuration.

 - Alex