Hi All, I've been following this discussion closely because I had what seems to be the same problem Sagar is having.
On Friday 30 March 2007 12:19 pm, Perrin Harkins wrote: > This might be a silly question, but what makes you think this has to > do with tainting? If it was a taint problem, wouldn't it say > "Insecure dependency in eval while running with -T switch"? It's > complaining about eval while running setgid. (I know you said you > aren't running setgid, but I think you should be trying to figure out > why it thinks it's setgid, not why something is tainted.) I was initially on-board with Sagar about this being a taint-checker problem, but Perrin's makes a pretty good point: it *is* rather suggestive that the insecure dependency message refers to "while running setgid" at the same time that the server reports GID-EGID mismatch due to a nonsensical EGID. I checked and found that my server displays the EGID problem as well, so decided to take Perrin's advice and investigate this first. I ran ps, which showed that the httpd processes all have their GID matching their EGID. Then I checked in perl by reporting the GID and EGID from the parent and children and found that the nonsensical EGID appears in the children when they are spawned (or at least in the PerlChildInitHandler). This seems to localize the problem to mod_perl. I started greping around in the mod_perl source code (I have 2.0.2) and found this in modperl_perl.c: -------------------------------------------------------------------------------------------- static void modperl_perl_ids_get(modperl_perl_ids_t *ids) { ids->pid = (I32)getpid(); #ifdef MP_MAINTAIN_PPID ids->ppid = (I32)getppid(); #endif #ifndef WIN32 ids->uid = getuid(); ids->euid = geteuid(); ids->gid = getgid(); ids->gid = getegid(); -------------------------------------------------------------------------------------------- I changed that last line to ids->egid = getegid(); then rebuilt/reinstalled/restarted, and the EGID problem is gone. I checked the 2.0.3 source and found this already fixed there. Sagar, can you try the same thing with your server? Perhaps the "tainting" problem will just disappear once this bug is fixed. Regards, Charlie -- Charlie Katz Harvard-Smithsonian Center for Astrophysics [EMAIL PROTECTED]