Perl problems on FreeBSD (again)

Mog lists at elasticmind.net
Tue Oct 20 12:50:44 IST 2009


Hi all,

I upgraded MailScanner last night along with a number of other ports, 
which unfortunately included a micro update to Perl. On FreeBSD it went 
from perl-5.10.0 to perl-5.10.1, and judging by the error messages in 
the maillog, it seems that the old taint mode problem has resurfaced:

Could not use Custom Function code 
/usr/local/lib/MailScanner/MailScanner/CustomFunctions/SpamWhitelist.pm, 
it could not be "require"d. Make sure the last line is "1;" and the 
module is correct with perl -wc (Error: Insecure dependency in require 
while running with -T switch at 
/usr/local/lib/MailScanner/MailScanner/Config.pm line 754.

I'm seeing this same error message being shown for these files as well: 
MyExample.pm, DavidHooton.pm, LastSpam.pm, GenericSpamScanner.pm, 
CustomAction.pm, Ruleset-from-Function.pm and ZMRouterDirHash.pm.


From what I understand, FreeBSD runs perl programs with the -T option 
(taint mode), which is basically some additional security check. If I'm 
reading this right, the additional security check (for some reason) 
seems to have a problem with 'eval { require $fullfile; };', the code 
used to require the CustomFunction modules MailScanner uses:

    $fullfile = "$dir/$filename";
    next unless -f $fullfile and -s $fullfile;
    eval { require $fullfile; };
    if ($@) {
      MailScanner::Log::WarnLog("Could not use Custom Function code %s, " .
                                "it could not be \"require\"d. Make sure " .
                                "the last line is \"1;\" and the module " .
                                "is correct with perl -wc (Error: %s)",
                                $fullfile, $@);
    }


Does this make sense to anyone? Naturally I've reported this problem to 
the FreeBSD people as well to see if they can help work out what is 
going on.

Regards,
mog
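
The taint failure described in the message above, reproduced as an added example (not part of the original post and not MailScanner code). It assumes the file name reaches require from readdir(), whose results Perl marks as tainted; Example.pm, the temporary directory and the allowlist pattern are constructed for illustration.

```perl
#!/usr/bin/perl -T
# Run as: perl -T taint_require.pl
use strict;
use warnings;
use File::Temp qw(tempdir);
use Scalar::Util qw(tainted);

die "run this script with -T\n" unless ${^TAINT};

# Constructed stand-in for a CustomFunctions directory holding one module.
my $dir = tempdir();
open(my $out, '>', "$dir/Example.pm") or die "open: $!";
print {$out} "package Example; sub hello { 'loaded' } 1;\n";
close($out) or die "close: $!";

# Names returned by readdir() are tainted (see perlsec), and so is any
# string built from them.
opendir(my $dh, $dir) or die "opendir: $!";
my @names = grep { !/\A\.\.?\z/ } readdir($dh);
closedir($dh);

for my $filename (@names) {
    my $fullfile = "$dir/$filename";
    printf "%s tainted: %s\n", $filename, tainted($fullfile) ? 'yes' : 'no';

    # Same shape as the quoted Config.pm code: dies under -T with
    # "Insecure dependency in require".
    eval { require $fullfile; };
    print "tainted require: $@" if $@;

    # Untaint by matching the bare file name against a strict allowlist
    # pattern; only the regex capture is carried forward.
    my ($safe) = $filename =~ /\A([A-Za-z0-9_-]+\.pm)\z/
        or next;    # skip anything that is not a plain module file name
    my $checked = "$dir/$safe";

    eval { require $checked; };
    if ($@) {
        print "still failing: $@";
    } else {
        print "validated require: ", Example::hello(), "\n";
    }
}

# Remove the constructed files again.
unlink("$dir/Example.pm") or warn "unlink: $!";
rmdir($dir) or warn "rmdir: $!";
```

Validating only the file name and joining it to a trusted directory keeps path separators and ".." out of the value that reaches require, which a catch-all capture such as (.*) would not.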

