ports/177416: mail/postgrey has surfaced a bug in perl's taint checking
Paul Beard
paulbeard at gmail.com
Fri Mar 29 22:50:03 UTC 2013
The following reply was made to PR ports/177416; it has been noted by GNATS.
From: Paul Beard <paulbeard at gmail.com>
To: Darren Pilgrim <ports.maintainer at evilphi.com>
Cc: "bug-followup at FreeBSD.org" <bug-followup at FreeBSD.org>
Subject: Re: ports/177416: mail/postgrey has surfaced a bug in perl's taint checking
Date: Fri, 29 Mar 2013 15:46:37 -0700
=3D=3D=3D>>> The following actions were performed:
Installation of devel/p5-IO-Multiplex (p5-IO-Multiplex-1.13)
Installation of net/p5-Socket6 (p5-Socket6-0.23)
Installation of net/p5-IO-Socket-INET6 (p5-IO-Socket-INET6-2.69)
Installation of dns/p5-Net-DNS (p5-Net-DNS-0.72)
Installation of net/p5-Net-Server (p5-Net-Server-2.007)
Re-installation of postgrey-1.34_4
[root at shuttle /usr/ports]# postgrey --inet=3D10023 =
--pidfile=3D/var/run/postgrey.pid --user=3Dpostgrey --group=3Dpostgrey =
--dbdir=3D/var/db/postgrey
2013/03/29-15:36:21 postgrey (type Net::Server::Multiplex) starting! =
pid(95738)
Resolved [localhost]:10023 to [::1]:10023, IPv6
Resolved [localhost]:10023 to [::1]:10023, IPv6
Resolved [localhost]:10023 to [127.0.0.1]:10023, IPv4
Resolved [localhost]:10023 to [127.0.0.1]:10023, IPv4
Duplicate configuration (TCP) on [::1]:10023 with IPv6) - skipping
Duplicate configuration (TCP) on [127.0.0.1]:10023 with IPv4) - skipping
Binding to TCP port 10023 on host ::1 with IPv6
Insecure dependency in socket while running with -T switch at =
/usr/local/lib/perl5/site_perl/5.14.2/mach/IO/Socket.pm line 80.
Now check out the date on that file.=20
ls -l /usr/local/lib/perl5/site_perl/5.14.2/mach/IO/Socket.pm=20
-r--r--r-- 1 root wheel 13572 May 13 2009 =
/usr/local/lib/perl5/site_perl/5.14.2/mach/IO/Socket.pm=20
I think I have a ghost at this point. I deleted that entire hierarchy =
before reinstalling perl from scratch and the ports noted above.=20
pkg_which /usr/local/lib/perl5/site_perl/5.14.2/mach/IO/Socket.pm=20
[Updating the pkgdb <format:bdb_btree> in /var/db/pkg ... - 1617 =
packages found (-41 +0) (...) done]
p5-IO-1.25,1
[root at shuttle /usr/ports]# ls -l /usr/local/lib/perl5/site_perl/
total 8
drwxr-xr-x 152 root wheel 3584 Mar 29 15:12 5.14.2
[root at shuttle /usr/ports]# ls -l `which perl`
lrwxr-xr-x 1 root wheel 25 Mar 29 11:31 /usr/bin/perl -> =
/usr/local/bin/perl5.14.2
[root at shuttle /usr/ports]# pkg_delete -df /var/db/pkg/p5-IO-1.25,1
deleted with no dependency warnings, so it was cruft after all.=20
postgrey --inet=3D10023 --pidfile=3D/var/run/postgrey.pid =
--user=3Dpostgrey --group=3Dpostgrey --dbdir=3D/var/db/postgrey
2013/03/29-15:41:44 postgrey (type Net::Server::Multiplex) starting! =
pid(96283)
Resolved [localhost]:10023 to [::1]:10023, IPv6
Resolved [localhost]:10023 to [::1]:10023, IPv6
Resolved [localhost]:10023 to [127.0.0.1]:10023, IPv4
Resolved [localhost]:10023 to [127.0.0.1]:10023, IPv4
Duplicate configuration (TCP) on [::1]:10023 with IPv6) - skipping
Duplicate configuration (TCP) on [127.0.0.1]:10023 with IPv4) - skipping
Binding to TCP port 10023 on host ::1 with IPv6
Insecure dependency in socket while running with -T switch at =
/usr/local/lib/perl5/5.14.2/mach/IO/Socket.pm line 80.
[root at shuttle /usr/ports]# ls -l =
/usr/local/lib/perl5/5.14.2/mach/IO/Socket.pm
-r--r--r-- 1 root wheel 13834 Mar 29 11:28 =
/usr/local/lib/perl5/5.14.2/mach/IO/Socket.pm
pkg_which /usr/local/lib/perl5/5.14.2/mach/IO/Socket.pm
[Updating the pkgdb <format:bdb_btree> in /var/db/pkg ... - 1616 =
packages found (-1 +0) (...) done]
perl-5.14.2_3
postgrey still bails on the taint flag and refuses to daemonize if you =
go with a socket.=20
Are we having fun yet?=20
--
Paul Beard
Are you trying to win an argument or solve a problem?=20
More information about the freebsd-ports-bugs
mailing list