IT (LDN);
> > [EMAIL PROTECTED]; [EMAIL PROTECTED]; Client Research Development
> > Subject: Re: "Insecure dependency in eval while running
> setgid" error
> >
> > Hi All,
> >
> > I've been following this discussion closely because I had
> >
"Insecure dependency in eval while running setgid" error
>
> Hi All,
>
> I've been following this discussion closely because I had
> what seems to be the
> same problem Sagar is having.
>
> On Friday 30 March 2007 12:19 pm, Perrin Harkins wrote:
> >
Charlie Katz wrote:
Hi All,
I've been following this discussion closely because I had what seems to be the
same problem Sagar is having.
I started grepping around in the mod_perl source code (I have 2.0.2) and found
this in modperl_perl.c:
-
Hi All,
I've been following this discussion closely because I had what seems to be the
same problem Sagar is having.
On Friday 30 March 2007 12:19 pm, Perrin Harkins wrote:
> This might be a silly question, but what makes you think this has to
> do with tainting? If it was a taint problem, woul
> -Original Message-
> From: Perrin Harkins [mailto:[EMAIL PROTECTED]
> Sent: 30 March 2007 17:19
> To: Shah, Sagar: IT (LDN)
> Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED];
> modperl@perl.apache.org; Client Research Development
> Subject: Re: "Insecure depend
On 3/30/07, [EMAIL PROTECTED]
<[EMAIL PROTECTED]> wrote:
The untainting itself however happens just before the error is thrown,
so think it's more about establishing in precisely which conditions the
m// operator loses its ability to untaint and coming up with the most
trivial demonstration of
> I think I remember saying that so far I've only been testing after
> graceful restarts (so what I would assume u call respawned children).
Again, this may be COMPLETELY unrelated, but I've had some serious
issues with graceful restart and stop in apache 2.2 / 2.4
With graceful restarts, I get
ment
> Subject: RE: "Insecure dependency in eval while running setgid" error
>
> I may have missed your reply somewhere in the thread, but
> Robert Landrum
> asked the question about whether this happens only in
> children that have
> respawned, and I haven't seen you co
I may have missed your reply somewhere in the thread, but Robert Landrum
asked the question about whether this happens only in children that have
respawned, and I haven't seen you comment about it.
It may be worth adding a call to Apache2::ServerUtil::restart_count()
into the debugging statement.
> -Original Message-
> From: Perrin Harkins [mailto:[EMAIL PROTECTED]
> Sent: 30 March 2007 15:38
> To: Shah, Sagar: IT (LDN)
> Cc: [EMAIL PROTECTED]; modperl@perl.apache.org; Client
> Research Development
> Subject: Re: "Insecure dependency in eval while runni
On 3/30/07, [EMAIL PROTECTED]
<[EMAIL PROTECTED]> wrote:
What we found is that sometimes the problem would occur with httpd
processes that had served nothing other than this page and static
content (gifs, js files etc.).
Okay, and did you try repeating that sequence of requests to see if it
tr
Hi Perrin,
> -Original Message-
> From: Perrin Harkins [mailto:[EMAIL PROTECTED]
> Sent: 30 March 2007 14:27
> To: Shah, Sagar: IT (LDN)
> Cc: [EMAIL PROTECTED]; modperl@perl.apache.org; Client
> Research Development
> Subject: Re: "Insecure dependency in
On 3/30/07, [EMAIL PROTECTED]
<[EMAIL PROTECTED]> wrote:
I did this yesterday along with the other debugging. Unfortunately there
doesn't seem to be a sequence of hits. The child process could have
served multiple hits to the page in question or none at all.
You need the sequence this child fol
Hi Rob,
> -Original Message-
> From: Robert Landrum [mailto:[EMAIL PROTECTED]
> Sent: 29 March 2007 20:14
> To: Shah, Sagar: IT (LDN)
> Cc: modperl@perl.apache.org
> Subject: Re: "Insecure dependency in eval while running setgid" error
>
> [EMAIL PR
[EMAIL PROTECTED] wrote:
I'm hoping tho that if I can create a small test case under mod_perl
then that opens up myself/someone-on-the-list trying it with other
combinations of perl & mod_perl.
If you log the pid in the access file, you should be able to determine
the series of page hits tha
-Original Message-
> From: Michael Peters [mailto:[EMAIL PROTECTED]
> Sent: 29 March 2007 18:44
> To: Shah, Sagar: IT (LDN)
> Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED]; modperl@perl.apache.org
> Subject: Re: "Insecure dependency in eval while running setgid" error
>
>
[EMAIL PROTECTED] wrote:
> Are there any other cases? How does perl handle the special case above,
> is there some magical variable $let_regexes_have_the_untaint_power or
> something of that order (silly long shot I know)
Sounds like a question for perl5-porters.
> I have to say I'm finding it
Hi All,
I'm getting closer to this now...
> -Original Message-
> From: Shah, Sagar: IT (LDN)
> Sent: 29 March 2007 10:07
> To: 'Robert Landrum'; 'Perrin Harkins'
> Cc: 'modperl@perl.apache.org'
> Subject: RE: "Insecure depende
> > You could add:
> >
> > warn "BLOCK: $block\n";
> >
> > just above the eval, which will log all the "blocks" that are
> > being eval
> > to figure out which one is giving you the trouble.
>
> That's a useful suggestion, I'll give that a try. What I'm
> expecting to find is that t
Hi Rob,
Thanks for your response.
> -Original Message-
> From: Robert Landrum [mailto:[EMAIL PROTECTED]
> Sent: 28 March 2007 18:06
> To: Perrin Harkins
> Cc: Shah, Sagar: IT (LDN); modperl@perl.apache.org
> Subject: Re: "Insecure dependency in eval whil
> -Original Message-
> From: Perrin Harkins [mailto:[EMAIL PROTECTED]
> Sent: 28 March 2007 17:18
> To: Shah, Sagar: IT (LDN)
> Cc: modperl@perl.apache.org
> Subject: Re: "Insecure dependency in eval while running setgid" error
>
> On 3/28/07, [EM
Perrin Harkins wrote:
On 3/28/07, [EMAIL PROTECTED]
<[EMAIL PROTECTED]> wrote:
> Keep taint mode on in dev, so you can identify your issues in
> development, then turn it off in prod.
Is that actually the generally recommended approach?
It's hard to know for sure that you've tried every code
On 3/28/07, [EMAIL PROTECTED]
<[EMAIL PROTECTED]> wrote:
> Keep taint mode on in dev, so you can identify your issues in
> development, then turn it off in prod.
Is that actually the generally recommended approach?
It's hard to know for sure that you've tried every code path in dev,
even if yo
> -Original Message-
> From: Robert Landrum [mailto:[EMAIL PROTECTED]
> Sent: 28 March 2007 16:30
> To: Shah, Sagar: IT (LDN)
> Cc: [EMAIL PROTECTED]; modperl@perl.apache.org
> Subject: Re: "Insecure dependency in eval while running setgid" error
[EMAIL PROTECTED] wrote:
Unfortunately turning taint mode off isn't an option for me. My
application is client facing and so we want to continue to make use of
the security mechanism that taint mode gives us.
Keep taint mode on in dev, so you can identify your issues in
development, then turn
Rob,
Thanks for your response.
> See if fgrep -r 'perl' * | grep '-T' in your modules directory returns
> anything. Also make sure PerlTaintCheck On isn't in your
> config. Also,
> a lot of times I'll put -T in the shebang line of my handler.pl or
> startup.pl, which will enable Taint checki
Hi Fred,
Thanks for your response
> -Original Message-
> From: Fred Moyer [mailto:[EMAIL PROTECTED]
> Sent: 27 March 2007 17:30
> To: Shah, Sagar: IT (LDN)
> Cc: modperl@perl.apache.org
> Subject: Re: "Insecure dependency in eval while running setgid" error
Fred Moyer wrote:
Or maybe this is a bug in getegid where it's not clearing a previous
memory state. What platform is this on?
sun4-solaris
His first post had a list of modules in a stack trace, which is where I
grabbed that.
I googled, but didn't find anything relevant. :(
See if fgre
[EMAIL PROTECTED] wrote:
- I changed a mod_perl page to actually print out gid and egid. Both $(
and $) are actually a space separated list of group ids, what I found is
that under mod_perl I get:
$GID 451 451
$EGID -19253340 451
451 is fliclearusers, the primary group of my account. I ha
On 3/27/07, [EMAIL PROTECTED]
<[EMAIL PROTECTED]> wrote:
Whereas in my production environment, if I access some a new mod_perl
page again and again over the course of a few minutes I'm almost
guaranteed for users to trigger the error which actually occurs on
_another_ mod_perl page which has been
Hi Perrin,
Thanks again for trying to help.
> The only other thing that occurs to me, and this is a reach because
> I'm way out of my expertise, is that the problem Stas fixed earlier
> had to do with some XS code not leaving things in a good state, and
> maybe some XS code in a module you use is
On 3/27/07, [EMAIL PROTECTED]
<[EMAIL PROTECTED]> wrote:
- It wasn't possible to repeat the error I got when running under httpd
-X (well I tried for a long time and couldn't)
I'm guessing you just didn't hit the right combination of things. Or
maybe this problem is somehow only present after
> -Original Message-
> From: Shah, Sagar: IT (LDN)
> Sent: 26 March 2007 17:30
> To: 'Perrin Harkins'
> Cc: 'modperl@perl.apache.org'
> Subject: RE: "Insecure dependency in eval while running setgid" error
>
>
> > > Alte
> > Alternatively, if you can run your server in single-process mode and
> > come up with a repeatable series of steps that cause the error, you
> > can work back from the point where you saw the error until you find
> > the offending code.
>
>
> Yes, httpd -X is a good idea. I should have thou
Hi Perrin,
Thanks for your response.
> -Original Message-
> From: Perrin Harkins [mailto:[EMAIL PROTECTED]
> Sent: 26 March 2007 16:12
> To: Shah, Sagar: IT (LDN)
> Cc: modperl@perl.apache.org
> Subject: Re: "Insecure dependency in eval while running setgid
On 3/26/07, [EMAIL PROTECTED]
<[EMAIL PROTECTED]> wrote:
The most interesting thing, as I said earlier, is that the behaviour is
not consistent. If I hit one mod_perl page many many times then
eventually I'll get the Insecure Dependency error when I hit a
completely _separate_ mod_perl page.
It
20
> To: modperl@perl.apache.org
> Cc: Shah, Sagar: IT (LDN)
> Subject: Re: "Insecure dependency in eval while running setgid" error
>
> Hi,
>
> I recently ran into a similar situation, which I asked about
> on this list
> (message subject "inconsistent taint ch
Hi,
I recently ran into a similar situation, which I asked about on this list
(message subject "inconsistent taint check results").
Do you by any chance "use Taint;" (Taint-0.09) ? I found that when I stopped
using that, the problem went away.
Just a guess.
Regards,
Charlie Katz
On Mon
38 matches