Hi Olivier,

I might provide some useful informations :

   * first line of wwsympa.fcgi should look like "#!/usr/bin/perl -U".
     If the "-U" option is missing, it might be the reason why you get
     these warnings/errors
   * Sympa 5.2  introduced a Perl wrapper for wwsympa.fcgi that uses
     sudo. Do you use it?
   * Sympa 5.4 introduced a C wrapper for wwsympa.fcgi. Do you use it?


Did you check the related documentation <http://www.sympa.org/manual/web-interface#web_server_setup> ?

Olivier Berger a écrit :
title 516164 Several Insecure errors when running setuid in apache error log
thanks

On Thu, Feb 19, 2009 at 05:12:30PM +0100, Olivier Berger wrote:
I just upgraded one of my servers from etch to lenny and got :
[Thu Feb 19 17:05:34 2009] [error] [client xxx.xxx.xxx.xxx] Insecure $ENV{PATH} while 
running setuid at /usr/lib/sympa/bin/Conf.pm line 295, <IN> line 37.
[Thu Feb 19 17:05:34 2009] [error] [client xxx.xxx.xxx.xxx] Insecure EXEC while 
running setuid at /usr/lib/sympa/bin/Conf.pm line 295, <IN> line 37.
[Thu Feb 19 17:05:34 2009] [error] [client xxx.xxx.xxx.xxx] Insecure $ENV{PATH} while 
running setuid at /usr/lib/sympa/bin/Conf.pm line 295, <IN> line 77.
[Thu Feb 19 17:05:34 2009] [error] [client xxx.xxx.xxx.xxx] Insecure EXEC while 
running setuid at /usr/lib/sympa/bin/Conf.pm line 295, <IN> line 77.
in the apache logs.

There's actually unfortunately more than these 2 :

# grep "Insecure dependency" /var/log/apache2/error.log | sed 
's/.*Insecure/Insecure/g' | sed 's/, referer.*//g' | sort -u
Insecure dependency in open while running setuid at /usr/lib/sympa/bin/List.pm 
line 10148.
Insecure dependency in open while running setuid at /usr/lib/sympa/bin/Lock.pm 
line 203.

Hope this helps.




--
To UNSUBSCRIBE, email to [email protected]
with a subject of "unsubscribe". Trouble? Contact [email protected]

Reply via email to