Perl problems on FreeBSD (again)
Mog
lists at elasticmind.net
Tue Oct 20 12:50:44 IST 2009
Hi all,
I upgraded MailScanner last night along with a number of other ports,
which unfortunately included a micro update to Perl. On FreeBSD it went
from perl-5.10.0 to perl-5.10.1, and judging by the error messages in
the maillog, it seems that the old taint mode problem has resurfaced:
Could not use Custom Function code
/usr/local/lib/MailScanner/MailScanner/CustomFunctions/SpamWhitelist.pm,
it could not be "require"d. Make sure the last line is "1;" and the
module is correct with perl -wc (Error: Insecure dependency in require
while running with -T switch at
/usr/local/lib/MailScanner/MailScanner/Config.pm line 754.
I'm seeing this same error message being shown for these files as well:
MyExample.pm, DavidHooton.pm, LastSpam.pm, GenericSpamScanner.pm,
CustomAction.pm, Ruleset-from-Function.pm and ZMRouterDirHash.pm.
From what I understand, FreeBSD runs perl programs with the -T option
(taint mode), which is basically some additional security check. If I'm
reading this right, the additional security check (for some reason)
seems to have a problem with 'eval { require $fullfile; };', the code
used to require the CustomFunction modules MailScanner uses:
$fullfile = "$dir/$filename";
next unless -f $fullfile and -s $fullfile;
eval { require $fullfile; };
if ($@) {
MailScanner::Log::WarnLog("Could not use Custom Function code %s, " .
"it could not be \"require\"d. Make sure " .
"the last line is \"1;\" and the module " .
"is correct with perl -wc (Error: %s)",
$fullfile, $@);
}
Does this makes sense to anyone? Naturally I've reported this problem to
the FreeBSD people as well to see if they can help work out what is
going on.
Regards,
mog
More information about the MailScanner
mailing list