From owner-freebsd-cvsweb@FreeBSD.ORG Thu Nov 13 04:40:03 2003 Return-Path: Delivered-To: freebsd-cvsweb@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id C564316A4CE for ; Thu, 13 Nov 2003 04:40:03 -0800 (PST) Received: from smtp2.pp.htv.fi (smtp2.pp.htv.fi [213.243.153.14]) by mx1.FreeBSD.org (Postfix) with ESMTP id DE80143FBF for ; Thu, 13 Nov 2003 04:39:59 -0800 (PST) (envelope-from scop@FreeBSD.org) Received: from posti.pp.htv.fi (posti.pp.htv.fi [212.90.64.50]) by smtp2.pp.htv.fi (Postfix) with ESMTP id 6EA8E296FE0 for ; Thu, 13 Nov 2003 14:39:58 +0200 (EET) Received: from [62.78.134.79] (cs78134079.pp.htv.fi [62.78.134.79]) /8.11.1) with ESMTP id hADCdwS17034 for ; Thu, 13 Nov 2003 14:39:58 +0200 (EET) From: Ville =?ISO-8859-1?Q?Skytt=E4?= To: freebsd-cvsweb@FreeBSD.org In-Reply-To: <22733.131.232.4.112.1068706277.squirrel@secure.athabascau.ca> References: <22733.131.232.4.112.1068706277.squirrel@secure.athabascau.ca> Content-Type: text/plain Organization: FreeBSD Message-Id: <1068727197.919.45.camel@bobcat.mine.nu> Mime-Version: 1.0 X-Mailer: Ximian Evolution 1.4.5 (1.4.5-7) Date: Thu, 13 Nov 2003 14:39:57 +0200 Content-Transfer-Encoding: 7bit Subject: Re: fail to spawn rlog actually a taint issue X-BeenThere: freebsd-cvsweb@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: CVS Web maintenance mailing list [restricted posting] List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 13 Nov 2003 12:40:03 -0000 On Thu, 2003-11-13 at 08:51, ausec@athabascau.ca wrote: > Insecure dependency in exec while running with -T switch at > cgi-bin/cvsweb.cgi line 2141 > > If I knew enough perl I'd change it to work correctly but for now if I > turn off taint it works Ok. Yep, known issue, bites when using FreeBSD-CVSweb < 2.9.1 with Perl >= 5.8. This has been fixed in 2.9.1 (the new beta), for earlier versions turning off taint mode is an ok workaround.