Scott Griffith, ISES-LLC wrote:
On Oct 6, Mark Edwards wrote:

  
I'm having a problem starting spamd via sudo.  This is using the current 
FreeBSD port, and the behavior started with SA 2.6.  I can start it 
successfully if I su to root, but if I try to use sudo, I get:

sudo /usr/local/etc/rc.d/spamd.sh start
Insecure directory in $ENV{PATH} while running with -T switch at 
/usr/local/lib/perl5/5.6.1/Cwd.pm line 92.

Any idea what that's about?
    

New taint behavior with 2.60. Make sure that "." is not on your search
path, because that is insecure by definition (if you cd into a
world-writeable directory, your process can be made to execute
arbitrary code).
  
That was it.  I had ./ in my path.  I can see why its insecure, but I set it for convenience.  I removed it, and all is fine.

Thanks!

Reply via email to