SOLVED in 7.2: Perl problems on FreeBSD (again)
MailScanner at ecs.soton.ac.uk
Fri Nov 20 12:28:05 GMT 2009
Can you tell me what the changes are, and give me any hints or tips on
what changes I need to make to my code to work with these new changes?
It'll take me hours to find out exactly what I need to change, and I
simply don't have that much time right now. But I would like to get the
problem fixed as soon as poss.
On 15/11/2009 20:53, Sanderson4 wrote:
> To follow up on my previous post, Perl 5.10.1 resolved bugs in taint
> that MailScanner got around in 5.8 and 5.10. Now that taint has been
> fixed in 5.10.1, MailScanner doesn't run.
> On Sun, Nov 15, 2009 at 1:59 PM, Sanderson4 <sanderson4 at gmail.com
> <mailto:sanderson4 at gmail.com>> wrote:
> Unfortunately, the issue is MailScanner and not Perl. When a user
> sets "Run As Users" and "Run As Group" in MailScanner, it forces
> Perl to run in taint mode because Perl was directed by
> MailScanner to run as a different user. For security reasons this
> causes Perl to be very sceptical as to what tasks the assigned
> user can perform. MailScanner has not been updated to resolve
> these tainted tasks (ie load custom function files or chown).
> The reason you don't see the Linux community compain about Perl is
> because they use a packaging system that doesn't force a user to
> upgrade to the latest version of Perl each time they upgrade
> MailScanner. FreeBSD's portmaster and portupgrade check each
> dependancy of MailScanner and will upgrade any dependancy that has
> a newer version available. I know with portmaster you can include
> the -x argument to "avoid building or updating ports that match
> this pattern." Unfortunately I don't use portupgrade so I don't
> know how to exclude an upgrade. Please refer to the man page for
> a solution.
> With that said, we as a FreeBSD community need to submit bug
> requests to Jules so he can resolve these programming constraints
> that newer versions of Perl produce.
> On Sun, Nov 15, 2009 at 12:18 PM, Drew Marshall
> <drew.marshall at trunknetworks.com
> <mailto:drew.marshall at trunknetworks.com>> wrote:
> On 15 Nov 2009, at 14:03, Mog wrote:
> I followed the procedure you described exactly. I'm
> guessing the other people who are experiencing the same
> problem did the same thing as well (as mentioned on the
> ports mailing list). I'm using that exact version of perl
> you mentioned and used the perl-after-upgrade call as
> always. As it turns out, to get the mail server back up
> and running again I had to revert to the packaged version
> perl-5.10.0_2.tbz and ignore the upgrade (like last time
> this happened).
> Yup, same here. Make sure you continue to be vigilant when
> running portupgrade again or else you will be right back again.
> I can only assume that either you did something extra we
> haven't to make it work, or ... Actually there is no or,
> I'm out of ideas. I have no idea why it should work for a
> few people but not dozens of others (unless you're using
> portmaster and we're using portupgrade or something). Nor
> do I know what actually is the cause of the problem.
> I have upgraded to 5.10.1 and had to roll back too. I have no
> idea what could be causing the issue but it's a right pain.
> I can't see any logical reason why every so often a perl
> upgrade will cause MailScanner to break. Presumably either
> it's a recurring problem with the FreeBSD port, the
> upgrade process, or within perl itself.
> It's not a problem within the same version but every so often
> a new version pops out and having gone through the upgrade,
> then reinstalling all the p5-* ports (portupgrade -f p5-* I
> always do that as I don't find the the perl-after-upgrade
> script does the job fully but then I have never run it with
> the -f option so I'll try that next time) to find that
> something borks MS and then you have to downgrade again is a
> right pain :-(
> I really like FreeBSD but I just can't see what is causing
> this to happen. Surely perl is perl and therefore it should
> work for everyone or no one? Or have I missed something
> In line with our policy, this message has been scanned for
> viruses and dangerous content.
> Our email policy can be found at www.trunknetworks.com/policy
> Trunk Networks Limited is registered in Scotland with
> registration number: SC351063
> Registered Office 55-57 West High Street Inverurie AB51 3QQ
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> <mailto:mailscanner at lists.mailscanner.info>
> Before posting, read http://wiki.mailscanner.info/posting
> Support MailScanner development - buy the book off the website!
Julian Field MEng CITP CEng
Buy the MailScanner book at www.MailScanner.info/store
Need help customising MailScanner?
Need help fixing or optimising your systems?
Need help getting you started solving new requirements from your boss?
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
Follow me at twitter.com/JulesFM and twitter.com/MailScanner
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
More information about the MailScanner