Taint error with Perl v5.10.1
Johan Hendriks
Johan at double-l.nl
Mon Dec 7 12:57:01 GMT 2009
>> On 7 Dec 2009, at 11:53, Edward Prendergast wrote:
>>
>>> When MailScanner drops privileges it goes down to the postfix user.
>>> In case this was related to file permissions I altered all the
custom
>>> modules ownership to root:postfix but this made no difference. My
>>> best guess is a tainted @INC:
>>>
>>>
http://search.cpan.org/~dapm/perl-5.10.1/pod/perlsec.pod#Taint_mode_and_
@INC
>>>
>>>
>>> But I'm not sure if this is correct, and if it is, how to go about
>>> solving it?
>>
>> Try installing the latest beta. I believe Jules has fixed tainting
>> issues in that version.
>Thanks for your feedback. As I'm running in production I think I may
>downgrade to Perl 5.8.9 (I have the flexibility to do this now - this
is
>one of the reasons why I'm looking to replace the RHEL-bundled Perl
>RPM-based install with a custom version) and wait for these changes to
>work their way through in a stable release.
>Thanks,
>Edward
Perl-5.8.9 will give you the same problem.
Use perl 5.8.8 or 5.10.0
this will work
regards,
Johan Hendriks
More information about the MailScanner
mailing list