fail to spawn rlog actually a taint issue
ausec at athabascau.ca
ausec at athabascau.ca
Wed Nov 12 22:51:23 PST 2003
I recieved the error messag "failed to spawn rlog" for a while until I
changed:
open(STDERR, '>/dev/null'); # rlog may complain; ignore.
to
open(STDERR, '>/tmp/err.txt'); # rlog may complain; ignore.
in getDirLogs, the else with:
exec($CMD{rlog}, '-r', @files) or exit -1;
The err.txt reported:
Insecure dependency in exec while running with -T switch at
cgi-bin/cvsweb.cgi line 2141
If I knew enough perl I'd change it to work correctly but for now if I
turn off taint it works Ok.
Any thoughts?
Thanks,
Ausec.
__
This communication is intended for the use of the recipient to whom it
is addressed, and may contain confidential, personal, and or privileged
information. Please contact us immediately if you are not the intended
recipient of this communication, and do not copy, distribute, or take
action relying on it. Any communications received in error, or
subsequent reply, should be deleted or destroyed.
---
More information about the freebsd-cvsweb
mailing list