ports/177416: postgrey has surfaced a bug in perl's taint checking

Charlie & paulbeard at gmail.com
Wed Mar 27 16:20:00 UTC 2013 

>Number:         177416
>Category:       ports
>Synopsis:       postgrey has surfaced a bug in perl's taint checking
>Confidential:   no
>Severity:       serious
>Priority:       low
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Wed Mar 27 16:20:00 UTC 2013
>Closed-Date:
>Last-Modified:
>Originator:     Charlie &
>Release:        FreeBSD 8.3-RELEASE i386
>Organization:
none
>Environment:
System: FreeBSD shuttle.paulbeard.org 8.3-RELEASE FreeBSD 8.3-RELEASE #3: Thu Aug 30 16:34:02 PDT 2012 root at shuttle.paulbeard.org:/usr/obj/usr/src/sys/SHUTTLE i386


	
>Description:
postgrey seems to have surfaced a bug in perl's taint checking. 

Running it as an rc script or in the service infrastructue doesn't reveal anything, it just silently exits, 
but on the commandline you get this:
postgrey --inet=10023 --pidfile=/var/run/postgrey.pid --user=postgrey --group=postgrey  --dbdir=/var/db/postgrey
2013/03/27-08:53:46 postgrey (type Net::Server::Multiplex) starting! pid(45305)
Resolved [localhost]:10023 to [::1]:10023, IPv6
Resolved [localhost]:10023 to [::1]:10023, IPv6
Resolved [localhost]:10023 to [127.0.0.1]:10023, IPv4
Resolved [localhost]:10023 to [127.0.0.1]:10023, IPv4
Duplicate configuration (TCP) on [::1]:10023 with IPv6) - skipping
Duplicate configuration (TCP) on [127.0.0.1]:10023 with IPv4) - skipping
Binding to TCP port 10023 on host ::1 with IPv6
Insecure dependency in socket while running with -T switch at /usr/local/lib/perl5/site_perl/5.14.2/mach/IO/Socket.pm line 80.

If you switch to domain socket, rather than a port, it will run but you can't daemonize it with the -d flag. 
You can use regular job control (fg/bg/ampersand) but that doesn't work very well at boot time. Your boot process 
may well hang waiting on the &. Or turn off taint checking in postgrey. 
>How-To-Repeat:
	just run as normal
>Fix:
no idea 
All perl modules have been rebuilt from source (deinstalled/reinstalled from fresh distfiles) as has perl itself. 
System has been rebooted. 
There are similar reports here: 
http://www.perlmonks.org/?node_id=363466 
http://forums.gentoo.org/viewtopic-t-954454.html?sid=c01c137a57d5751924610093a06980f8


	

If you switch to domain socket, rather than a port, it will run but you can't daemonize it with the -d flag. 
So, not ideal. Or turn off the -T option. Your call. 
>Release-Note:
>Audit-Trail:
>Unformatted:

More information about the freebsd-ports-bugs mailing list