Perl problems on FreeBSD (again)

Mog lists at elasticmind.net
Wed Oct 21 14:34:34 IST 2009 

Kevin Kobb wrote:
> Mog wrote:
>> Hi all,
>>
>> I upgraded MailScanner last night along with a number of other ports, 
>> which unfortunately included a micro update to Perl. On FreeBSD it 
>> went from perl-5.10.0 to perl-5.10.1, and judging by the error 
>> messages in the maillog, it seems that the old taint mode problem has 
>> resurfaced:
>>
>> Could not use Custom Function code 
>> /usr/local/lib/MailScanner/MailScanner/CustomFunctions/SpamWhitelist.pm, 
>> it could not be "require"d. Make sure the last line is "1;" and the 
>> module is correct with perl -wc (Error: Insecure dependency in 
>> require while running with -T switch at 
>> /usr/local/lib/MailScanner/MailScanner/Config.pm line 754.
>>
>> I'm seeing this same error message being shown for these files as 
>> well: MyExample.pm, DavidHooton.pm, LastSpam.pm, 
>> GenericSpamScanner.pm, CustomAction.pm, Ruleset-from-Function.pm and 
>> ZMRouterDirHash.pm.
>>
>>
>>  From what I understand, FreeBSD runs perl programs with the -T 
>> option (taint mode), which is basically some additional security 
>> check. If I'm reading this right, the additional security check (for 
>> some reason) seems to have a problem with 'eval { require $fullfile; 
>> };', the code used to require the CustomFunction modules MailScanner 
>> uses:
>>
>>    $fullfile = "$dir/$filename";
>>    next unless -f $fullfile and -s $fullfile;
>>    eval { require $fullfile; };
>>    if ($@) {
>>      MailScanner::Log::WarnLog("Could not use Custom Function code 
>> %s, " .
>>                                "it could not be \"require\"d. Make 
>> sure " .
>>                                "the last line is \"1;\" and the 
>> module " .
>>                                "is correct with perl -wc (Error: %s)",
>>                                $fullfile, $@);
>>    }
>>
>>
>> Does this makes sense to anyone? Naturally I've reported this problem 
>> to the FreeBSD people as well to see if they can help work out what 
>> is going on.
>>
>> Regards,
>> mog
>
> What process did you use to upgrade MailScanner/Perl? If you used 
> portupgrade, please give the command line you used.

Hi,

Thanks for responding.

I used something along the lines of:

portupgrade -rR perl
perl-after-upgrade
portupgrarde -rR mailscanner

At one point I think I removed all the perl ports, mailscanner, 
spamassassin etc to fix dependencies and such.

More information about the MailScanner mailing list