Taint error with Perl v5.10.1

Edward Prendergast edward.prendergast at netring.co.uk
Mon Dec 7 12:33:41 GMT 2009


Drew Marshall wrote:
> On 7 Dec 2009, at 11:53, Edward Prendergast wrote:
>
>> When MailScanner drops privileges it goes down to the postfix user. 
>> In case this was related to file permissions I altered all the custom 
>> modules ownership to root:postfix but this made no difference. My 
>> best guess is a tainted @INC:
>>
>> http://search.cpan.org/~dapm/perl-5.10.1/pod/perlsec.pod#Taint_mode_and_@INC 
>>
>>
>> But I'm not sure if this is correct, and if it is, how to go about 
>> solving it?
>
> Try installing the latest beta. I believe Jules has fixed tainting 
> issues in that version.

Thanks for your feedback. As I'm running in production I think I may 
downgrade to Perl 5.8.9 (I have the flexibility to do this now - this is 
one of the reasons why I'm looking to replace the RHEL-bundled Perl 
RPM-based install with a custom version) and wait for these changes to 
work their way through in a stable release.

Thanks,
Edward

************
The information in this email is confidential and may be legally privileged.
It is intended solely for the addressee. Access to this email by anyone else
is unauthorised. If you are not the intended recipient, any action taken or
omitted to be taken in reliance on it, any form of reproduction,
dissemination, copying, disclosure, modification, distribution and/or
publication of this E-mail message is strictly prohibited and may be
unlawful. If you have received this E-mail message in error, please notify
us immediately. Please also destroy and delete the message from your
computer.
************



More information about the MailScanner mailing list