Hi,
YN Verma wrote:
> Hi
> Can anyone tell me why this message is appearing
> Insecure dependency in `` while running with -T switch at
> /usr/perl5/site_perl/5.6.1/Sys/Hostname/Long.pm line 91, <GEN1726> line 86.
> Regards
I recently tracked this down on my systems. Sys::Hostname::Long tries
to work out the FQN by a variety of means and on some systems this
resolves to exec'ing hostname and domainname. These are exec'ed without
full paths and their output assigned to a variable without untainting.
This is considered insecure when running in Taint mode as it depends on
the PATH setting at the time of running the script, which could be
hijacked to point to compromised versions of those programs.
I manually modified my version of Sys/Hostname/Long.pm like this...
    'exec_hostname_domainname' => {
        'title' => 'Execute "hostname" and "domainname"',
        'description' => '',
        'exec' => sub {
            # my $tmp = `hostname` . '.' . `domainname`;
            my $tmph = `hostname`;
            my $tmpd = `domainname`;
            my $tmp = "$tmph.$tmpd";
            $tmp =~ tr/\0\r\n//d;
            return $tmp;
        },
    },
The commented-out "my $tmp" line is the original line.
PS your colourful background makes your email very hard to read.
--
Anthony Peacock
CHIME, Royal Free & University College Medical School
WWW: http://www.chime.ucl.ac.uk/~rmhiajp/
"If you have an apple and I have an apple and we exchange apples
then you and I will still each have one apple. But if you have an
idea and I have an idea and we exchange these ideas, then each of us
will have two ideas." -- George Bernard Shaw
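
Added example, not part of the original message and not code from Sys::Hostname::Long: a taint-mode lookup that addresses the three points raised above (fixed PATH, full command paths, untainted output) and keeps each backtick in its own statement as in the modification shown. The command locations, the PATH value and all sub names are assumptions chosen for illustration.

```perl
#!/usr/bin/perl -T
# Run as: perl -T this_script.pl
use strict;
use warnings;
use Scalar::Util qw(tainted);

# Fixed search path, and drop inherited variables that can influence a shell.
$ENV{PATH} = '/usr/bin:/bin';               # assumed safe value for this host
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};

# Assumed locations of the two programs; adjust for the platform.
my %CMD = (
    hostname   => '/bin/hostname',
    domainname => '/bin/domainname',
);

# Untaint by capturing only what a DNS name may contain.
# Returns nothing for output such as "(none)" or an empty string.
sub untaint_dns_name {
    my ($raw) = @_;
    return unless defined $raw;
    $raw =~ tr/\0\r\n//d;
    return $raw =~ /\A([A-Za-z0-9](?:[A-Za-z0-9.-]{0,253}[A-Za-z0-9])?)\z/
        ? $1
        : undef;
}

# Run one command by absolute path, one backtick per statement.
sub run_cmd {
    my ($name) = @_;
    my $path = $CMD{$name} or die "unknown command '$name'\n";
    return unless -x $path;
    my $out = `$path`;
    return untaint_dns_name($out);
}

# Join host and domain only when both parts validated.
sub long_hostname {
    my $host   = run_cmd('hostname');
    my $domain = run_cmd('domainname');
    return unless defined $host;
    return defined $domain ? "$host.$domain" : $host;
}

my $fqdn = long_hostname();
die "could not determine hostname\n" unless defined $fqdn;
printf "%s (tainted: %s)\n", $fqdn, tainted($fqdn) ? 'yes' : 'no';
```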