[SOLVED] Taint error with Perl v5.10.1

Edward Prendergast edward.prendergast at netring.co.uk
Mon Dec 7 16:07:23 GMT 2009


Johan Hendriks wrote:
>>> On 7 Dec 2009, at 11:53, Edward Prendergast wrote:
>>>
>>>       
>>>> When MailScanner drops privileges it goes down to the postfix user. 
>>>> In case this was related to file permissions I altered all the
>>>>         
> custom 
>   
>>>> modules ownership to root:postfix but this made no difference. My 
>>>> best guess is a tainted @INC:
>>>>
>>>>
>>>>         
> http://search.cpan.org/~dapm/perl-5.10.1/pod/perlsec.pod#Taint_mode_and_
> @INC 
>   
>>>> But I'm not sure if this is correct, and if it is, how to go about 
>>>> solving it?
>>>>         
>>> Try installing the latest beta. I believe Jules has fixed tainting 
>>> issues in that version.
>>>       
>
>   
>> Thanks for your feedback. As I'm running in production I think I may 
>> downgrade to Perl 5.8.9 (I have the flexibility to do this now - this
>>     
> is 
>   
>> one of the reasons why I'm looking to replace the RHEL-bundled Perl 
>> RPM-based install with a custom version) and wait for these changes to 
>> work their way through in a stable release.
>>     
>
>   
>> Thanks,
>> Edward
>>     
>
> Perl-5.8.9 will give you the same problem.
> Use perl 5.8.8 or 5.10.0 
> this will work
>   

Thanks - I will do this until the taint fixes make it into the stable 
release.

-Edward

************
The information in this email is confidential and may be legally privileged.
It is intended solely for the addressee. Access to this email by anyone else
is unauthorised. If you are not the intended recipient, any action taken or
omitted to be taken in reliance on it, any form of reproduction,
dissemination, copying, disclosure, modification, distribution and/or
publication of this E-mail message is strictly prohibited and may be
unlawful. If you have received this E-mail message in error, please notify
us immediately. Please also destroy and delete the message from your
computer.
************



More information about the MailScanner mailing list