
Environment

  • Apache2 with mod_perl2
  • TWiki TWikiRelease04x00 rev #9795
  • Language: de (I18N enabled)
  • Perl taint mode enabled globally
  • Locale::Maketext v1.10

Symptoms

Accessing TWiki (view, edit, attach, ...) caused an "Insecure dependency in eval while running setgid at /usr/lib/perl5/5.8.7/Locale/Maketext/Guts.pm line 247." error message; not regularly, but too often.

Apache's errorlog shows:

********************************
Insecure dependency in eval while running setgid at /usr/lib/perl5/5.8.7/Locale/Maketext/Guts.pm line 247.
 at /usr/lib/perl5/5.8.7/Locale/Maketext/Guts.pm line 247
        Locale::Maketext::_compile('TWiki::I18N::de=HASH(0x814b3048)', '[_1] wurde von [_4] von [_2] nach [_3] verschoben') called at /usr/lib/perl5/5.8.7/Locale/Maketext.pm line 189
        Locale::Maketext::maketext('undef', 'undef', '<nop>System.<nop>GlobaleAenderungen', '<nop>System.<nop>GlobalChanges', '19 Jan 2006 - 10:01', 'Main.OliverKrueger') called at /srv/twiki-tak/lib/TWiki/I18N.pm line 206
        TWiki::I18N::maketext('TWiki::I18N::de=HASH(0x814b3048)', '[_1] moved from [_2] on [_3] by [_4]', '<nop>System.<nop>GlobaleAenderungen', '<nop>System.<nop>GlobalChanges', '19 Jan 2006 - 10:01', 'Main.OliverKrueger') called at /srv/twiki-tak/lib/TWiki/Render.pm line 196
        TWiki::Render::renderMoved('TWiki::Render=HASH(0x81339718)', 'System', 'GlobaleAenderungen', 'TWiki::Meta=HASH(0x814d65fc)', 'TWiki::Attrs=HASH(0x814d6584)') called at /srv/twiki-tak/lib/TWiki.pm line 3262
        TWiki::_META('TWiki=HASH(0x80285a18)', 'TWiki::Attrs=HASH(0x814d6584)', 'GlobaleAenderungen', 'System') called at /srv/twiki-tak/lib/TWiki.pm line 2245
        TWiki::_expandTagOnTopicRendering('TWiki=HASH(0x80285a18)', 'META', '"moved"', 'GlobaleAenderungen', 'System') called at /srv/twiki-tak/lib/TWiki.pm line 2164
        TWiki::_processTags('TWiki=HASH(0x80285a18)', '</div><!-- /patternTopic-->\x{a}<div class="twikiAfterText"></div...', 'CODE(0x809560e4)', 16, 'GlobaleAenderungen', 'System') called at /srv/twiki-tak/lib/TWiki.pm line 2090
        TWiki::_expandAllTags('TWiki=HASH(0x80285a18)', 'SCALAR(0x815bd130)', 'GlobaleAenderungen', 'System') called at /srv/twiki-tak/lib/TWiki.pm line 2433
        TWiki::handleCommonTags('TWiki=HASH(0x80285a18)', '</div><!-- /patternTopic-->\x{a}<div class="twikiAfterText"></div...', 'System', 'GlobaleAenderungen') called at /srv/twiki-tak/lib/TWiki/UI/View.pm line 320
        TWiki::UI::View::_prepare('</div><!-- /patternTopic-->\x{a}<div class="twikiAfterText"></div...', 'TWiki=HASH(0x80285a18)', 'System', 'GlobaleAenderungen', 'TWiki::Meta=HASH(0x814d65fc)', 0) called at /srv/twiki-tak/lib/TWiki/UI/View.pm line 309
        TWiki::UI::View::view('TWiki=HASH(0x80285a18)') called at /srv/twiki-tak/lib/TWiki/UI.pm line 97
        TWiki::UI::__ANON__() called at /srv/twiki-tak/lib/CPAN/lib///Error.pm line 387
        eval {...} called at /srv/twiki-tak/lib/CPAN/lib///Error.pm line 379
        Error::subs::try('CODE(0x8116642c)', 'HASH(0x814d6608)') called at /srv/twiki-tak/lib/TWiki/UI.pm line 146
        TWiki::UI::run('CODE(0x803b8f88)') called at /srv/twiki-tak/bin/view line 31
        ModPerl::ROOT::ModPerl::Registry::srv_twiki_2dtak_bin_view::handler('Apache2::RequestRec=SCALAR(0x815bd118)') called at /usr/lib/perl5/vendor_perl/5.8.7/i586-linux-thread-multi/ModPerl/RegistryCooker.pm line 203
        eval {...} called at /usr/lib/perl5/vendor_perl/5.8.7/i586-linux-thread-multi/ModPerl/RegistryCooker.pm line 203
        ModPerl::RegistryCooker::run('ModPerl::Registry=HASH(0x8132e1d0)') called at /usr/lib/perl5/vendor_perl/5.8.7/i586-linux-thread-multi/ModPerl/RegistryCooker.pm line 169
        ModPerl::RegistryCooker::default_handler('ModPerl::Registry=HASH(0x8132e1d0)') called at /usr/lib/perl5/vendor_perl/5.8.7/i586-linux-thread-multi/ModPerl/Registry.pm line 30
        ModPerl::Registry::handler('ModPerl::Registry', 'Apache2::RequestRec=SCALAR(0x815bd118)') called at -e line 0
        eval {...} called at -e line 0

********************************

Reason

This is caused by a known bug in Locale::Maketext. Also see http://rt.cpan.org/Public/Bug/Display.html?id=5521

Reason2

Perl Taint mode was switched on globally. I18N was activated. Maketext seems not to be taint-safe.
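
How a tainted phrase reaching a string eval produces this error, and how validating the phrase first clears it, as an added Perl example (not part of the original report, and not Locale::Maketext or TWiki code). `compile_phrase` and `untaint_phrase` are hypothetical stand-ins and the phrase is a constructed sample; run it with `perl -T`.

```perl
#!/usr/bin/perl -T
use strict;
use warnings;
use Scalar::Util qw(tainted);

# Hypothetical, simplified stand-in for a bracket-notation compiler:
# turns '[_1] moved by [_2]' into Perl source for a closure and string-evals it.
sub compile_phrase {
    my ($phrase) = @_;
    my @parts;
    for my $chunk (split /(\[_\d+\])/, $phrase) {
        next if $chunk eq '';
        if ($chunk =~ /^\[_(\d+)\]$/) {
            push @parts, '$_[' . ($1 - 1) . ']';       # placeholder -> argument
        } else {
            (my $lit = $chunk) =~ s/([\\'])/\\$1/g;    # escape for single quotes
            push @parts, "'$lit'";                     # literal keeps its taint
        }
    }
    my $src = 'sub { join q{}, ' . join(', ', @parts) . ' }';
    return eval $src;    # dies under -T when $src is tainted
}

# Validate, then untaint: a regex capture is the sanctioned way to clear taint.
# Only appropriate for phrases loaded from lexicon files the admin controls.
sub untaint_phrase {
    my ($phrase) = @_;
    my ($clean) = $phrase =~ /\A([^\x00-\x08\x0b-\x1f]*)\z/
        or die "unexpected control characters in lexicon entry\n";
    return $clean;
}

# Constructed sample: append a zero-length tainted string so the phrase
# behaves like one read from a translation file under taint mode.
my $phrase = '[_1] moved from [_2] on [_3] by [_4]' . substr($^X, 0, 0);
print 'phrase tainted: ', (tainted($phrase) ? 'yes' : 'no'), "\n";

# The taint check fires before the string eval starts, so catch it outside.
my $sub = eval { compile_phrase($phrase) };
print $sub ? "compiled without validation\n" : "compile failed: $@";

my $ok = compile_phrase(untaint_phrase($phrase));
print $ok->('Topic', 'Web.Old', '19 Jan 2006', 'Main.SomeUser'), "\n";
```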

ItemTemplate

  • Summary: Insecure Dependency bug with Maketext and mod_perl2
  • ReportedBy: TWiki:Main.OliverKrueger
  • Codebase:
  • SVN Range: Wed, 12 Apr 2006 build 9795
  • AppliesTo: Engine
  • Component:
  • Priority: Normal
  • CurrentState: No Action Required
  • WaitingFor:
  • Checkins:
  • TargetRelease: n/a

Topic revision: r5 - 2006-04-13 - OliverKrueger