Re: [cricket-users] dependency errors in ConfigTree.pm?

From: Jeff Allen (jra@corp.webtv.net)
Date: Thu May 06 1999 - 13:41:45 PDT


From: Jeff Allen <jra@corp.webtv.net>

jdkirby@bluebunny.com wrote:
> I get the this in my Apache error_log:
>
> Insecure dependency in glob while running setuid at
> /home/cricket/public_html/./lib/ConfigTree.pm line 204.

That's happening because your webserver is configured to run CGI
scripts under taintperl. Cricket is not designed or tested to run with
Perl's tainting feature turned on. I can think of ways to solve that
particular error, but you'll undoubtedly discover others, and I'm not
really interested in trying to solve them all, right now, right here.

A better solution would be to find a way to run it where it does not
need to be so paranoid. We run ours as user "nobody" -- if you can do
that, then you can feel pretty safe turning off the tainting feature.

-- 
Jeff R. Allen                   |   jra@corp.webtv.net (work)
WebTV Networks, Inc.            |   jeff.allen@acm.org (personal)
Service Operations Toolsmith    |   http://www.munitions.com/~jra

------------------------------------------------------------------------ Wanting to get back in touch with old friends? http://www.onelist.com Reunite through a ONElist community.



This archive was generated by hypermail 2b29 : Mon Mar 06 2000 - 19:00:48 PST