Hi Olivier,
I might provide some useful informations :
* first line of wwsympa.fcgi should look like "#!/usr/bin/perl -U".
If the "-U" option is missing, it might be the reason why you get
these warnings/errors
* Sympa 5.2 introduced a Perl wrapper for wwsympa.fcgi that uses
sudo. Do you use it?
* Sympa 5.4 introduced a C wrapper for wwsympa.fcgi. Do you use it?
Did you check the related documentation
<http://www.sympa.org/manual/web-interface#web_server_setup> ?
Olivier Berger a écrit :
title 516164 Several Insecure errors when running setuid in apache error log
thanks
On Thu, Feb 19, 2009 at 05:12:30PM +0100, Olivier Berger wrote:
I just upgraded one of my servers from etch to lenny and got :
[Thu Feb 19 17:05:34 2009] [error] [client xxx.xxx.xxx.xxx] Insecure $ENV{PATH} while
running setuid at /usr/lib/sympa/bin/Conf.pm line 295, <IN> line 37.
[Thu Feb 19 17:05:34 2009] [error] [client xxx.xxx.xxx.xxx] Insecure EXEC while
running setuid at /usr/lib/sympa/bin/Conf.pm line 295, <IN> line 37.
[Thu Feb 19 17:05:34 2009] [error] [client xxx.xxx.xxx.xxx] Insecure $ENV{PATH} while
running setuid at /usr/lib/sympa/bin/Conf.pm line 295, <IN> line 77.
[Thu Feb 19 17:05:34 2009] [error] [client xxx.xxx.xxx.xxx] Insecure EXEC while
running setuid at /usr/lib/sympa/bin/Conf.pm line 295, <IN> line 77.
in the apache logs.
There's actually unfortunately more than these 2 :
# grep "Insecure dependency" /var/log/apache2/error.log | sed
's/.*Insecure/Insecure/g' | sed 's/, referer.*//g' | sort -u
Insecure dependency in open while running setuid at /usr/lib/sympa/bin/List.pm
line 10148.
Insecure dependency in open while running setuid at /usr/lib/sympa/bin/Lock.pm
line 203.
Hope this helps.
--
To UNSUBSCRIBE, email to [email protected]
with a subject of "unsubscribe". Trouble? Contact [email protected]