  • Apache2 with mod_perl2
  • TWiki TWikiRelease04x00 rev #9795
  • Language: de (I18N enabled)
  • Perl taint mode enabled globally
  • Locale::Maketext v1.10


Accessing TWiki (view, edit, attach, ...) caused a Insecure dependency in eval while running setgid at /usr/lib/perl5/5.8.7/Locale/Maketext/Guts.pm line 247. error message; not regularily, but too often.

Apache's errorlog shows:

Insecure dependency in eval while running setgid at /usr/lib/perl5/5.8.7/Locale/Maketext/Guts.pm line 247.
 at /usr/lib/perl5/5.8.7/Locale/Maketext/Guts.pm line 247
        Locale::Maketext::_compile('TWiki::I18N::de=HASH(0x814b3048)', '[_1] wurde von [_4] von [_2] nach [_3] verschoben') called at /usr/lib/perl5/5.8.7/
Locale/Maketext.pm line 189
        Locale::Maketext::maketext('undef', 'undef', '<nop>System.<nop>GlobaleAenderungen', '<nop>System.<nop>GlobalChanges', '19 Jan 2006 - 10:01', 'Main.
OliverKrueger') called at /srv/twiki-tak/lib/TWiki/I18N.pm line 206
        TWiki::I18N::maketext('TWiki::I18N::de=HASH(0x814b3048)', '[_1] moved from [_2] on [_3] by [_4]', '<nop>System.<nop>GlobaleAenderungen', '<nop>Syst
em.<nop>GlobalChanges', '19 Jan 2006 - 10:01', 'Main.OliverKrueger') called at /srv/twiki-tak/lib/TWiki/Render.pm line 196
        TWiki::Render::renderMoved('TWiki::Render=HASH(0x81339718)', 'System', 'GlobaleAenderungen', 'TWiki::Meta=HASH(0x814d65fc)', 'TWiki::Attrs=HASH(0x8
14d6584)') called at /srv/twiki-tak/lib/TWiki.pm line 3262
        TWiki::_META('TWiki=HASH(0x80285a18)', 'TWiki::Attrs=HASH(0x814d6584)', 'GlobaleAenderungen', 'System') called at /srv/twiki-tak/lib/TWiki.pm line
        TWiki::_expandTagOnTopicRendering('TWiki=HASH(0x80285a18)', 'META', '"moved"', 'GlobaleAenderungen', 'System') called at /srv/twiki-tak/lib/TWiki.p
m line 2164
        TWiki::_processTags('TWiki=HASH(0x80285a18)', '</div><!-- /patternTopic-->\x{a}<div class="twikiAfterText"></div...', 'CODE(0x809560e4)', 16, 'Glob
aleAenderungen', 'System') called at /srv/twiki-tak/lib/TWiki.pm line 2090
        TWiki::_expandAllTags('TWiki=HASH(0x80285a18)', 'SCALAR(0x815bd130)', 'GlobaleAenderungen', 'System') called at /srv/twiki-tak/lib/TWiki.pm line 24
        TWiki::handleCommonTags('TWiki=HASH(0x80285a18)', '</div><!-- /patternTopic-->\x{a}<div class="twikiAfterText"></div...', 'System', 'GlobaleAenderu
ngen') called at /srv/twiki-tak/lib/TWiki/UI/View.pm line 320
        TWiki::UI::View::_prepare('</div><!-- /patternTopic-->\x{a}<div class="twikiAfterText"></div...', 'TWiki=HASH(0x80285a18)', 'System', 'GlobaleAende
rungen', 'TWiki::Meta=HASH(0x814d65fc)', 0) called at /srv/twiki-tak/lib/TWiki/UI/View.pm line 309
        TWiki::UI::View::view('TWiki=HASH(0x80285a18)') called at /srv/twiki-tak/lib/TWiki/UI.pm line 97
        TWiki::UI::__ANON__() called at /srv/twiki-tak/lib/CPAN/lib///Error.pm line 387
        eval {...} called at /srv/twiki-tak/lib/CPAN/lib///Error.pm line 379
        Error::subs::try('CODE(0x8116642c)', 'HASH(0x814d6608)') called at /srv/twiki-tak/lib/TWiki/UI.pm line 146
        TWiki::UI::run('CODE(0x803b8f88)') called at /srv/twiki-tak/bin/view line 31
        ModPerl::ROOT::ModPerl::Registry::srv_twiki_2dtak_bin_view::handler('Apache2::RequestRec=SCALAR(0x815bd118)') called at /usr/lib/perl5/vendor_perl/
5.8.7/i586-linux-thread-multi/ModPerl/RegistryCooker.pm line 203
        eval {...} called at /usr/lib/perl5/vendor_perl/5.8.7/i586-linux-thread-multi/ModPerl/RegistryCooker.pm line 203
        ModPerl::RegistryCooker::run('ModPerl::Registry=HASH(0x8132e1d0)') called at /usr/lib/perl5/vendor_perl/5.8.7/i586-linux-thread-multi/ModPerl/Regis
tryCooker.pm line 169
        ModPerl::RegistryCooker::default_handler('ModPerl::Registry=HASH(0x8132e1d0)') called at /usr/lib/perl5/vendor_perl/5.8.7/i586-linux-thread-multi/M
odPerl/Registry.pm line 30
        ModPerl::Registry::handler('ModPerl::Registry', 'Apache2::RequestRec=SCALAR(0x815bd118)') called at -e line 0
        eval {...} called at -e line 0



This is caused by a known bug in Locale::Maketext. Also see http://rt.cpan.org/Public/Bug/Display.html?id=5521


Perl Taint mode was switched on globally. I18N was activated. Maketext seems not to be taint-safe. frown

Summary Insecure Dependency bug with Maketext and mod_perl2
ReportedBy TWiki:Main.OliverKrueger

SVN Range Wed, 12 Apr 2006 build 9795
AppliesTo Engine

Priority Normal
CurrentState No Action Required


TargetRelease n/a
