From owner-freebsd-cvsweb@FreeBSD.ORG Wed Nov 12 22:51:23 2003 Return-Path: Delivered-To: freebsd-cvsweb@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 7DE0E16A4CE for ; Wed, 12 Nov 2003 22:51:23 -0800 (PST) Received: from cliff.cs.athabascau.ca (cliff.cs.athabascau.ca [131.232.10.7]) by mx1.FreeBSD.org (Postfix) with ESMTP id 1F47443F93 for ; Wed, 12 Nov 2003 22:51:18 -0800 (PST) (envelope-from ausec@athabascau.ca) Received: from CONVERSION-DAEMON.local.athabascau.ca by local.athabascau.ca (PMDF V6.1-1 #30658) id <0HOA0030131HOX@local.athabascau.ca> for freebsd-cvsweb@freebsd.org; Wed, 12 Nov 2003 23:51:17 -0700 (MST) Received: from athabascau.ca ([131.232.66.17]) by local.athabascau.ca (PMDF V6.1-1 #30658) with SMTP id <0HOA001AU31HRY@local.athabascau.ca> for freebsd-cvsweb@freebsd.org; Wed, 12 Nov 2003 23:51:17 -0700 (MST) Received: from 131.232.4.112 (SquirrelMail authenticated user ausec) by secure.athabascau.ca with HTTP; Wed, 12 Nov 2003 23:51:17 -0700 (MST) Date: Wed, 12 Nov 2003 23:51:17 -0700 (MST) From: ausec@athabascau.ca To: freebsd-cvsweb@freebsd.org Message-id: <22733.131.232.4.112.1068706277.squirrel@secure.athabascau.ca> MIME-version: 1.0 X-Mailer: SquirrelMail (version 1.2.8 [cvs]) Content-type: text/plain; charset=iso-8859-1 Content-transfer-encoding: 8BIT Importance: Normal X-Priority: 3 Subject: fail to spawn rlog actually a taint issue X-BeenThere: freebsd-cvsweb@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: CVS Web maintenance mailing list [restricted posting] List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 13 Nov 2003 06:51:23 -0000 I recieved the error messag "failed to spawn rlog" for a while until I changed: open(STDERR, '>/dev/null'); # rlog may complain; ignore. to open(STDERR, '>/tmp/err.txt'); # rlog may complain; ignore. in getDirLogs, the else with: exec($CMD{rlog}, '-r', @files) or exit -1; The err.txt reported: Insecure dependency in exec while running with -T switch at cgi-bin/cvsweb.cgi line 2141 If I knew enough perl I'd change it to work correctly but for now if I turn off taint it works Ok. Any thoughts? Thanks, Ausec. __ This communication is intended for the use of the recipient to whom it is addressed, and may contain confidential, personal, and or privileged information. Please contact us immediately if you are not the intended recipient of this communication, and do not copy, distribute, or take action relying on it. Any communications received in error, or subsequent reply, should be deleted or destroyed. ---