taint checking setuid error message 
Author Message
 taint checking setuid error message

I'm running perl v4 (actually ingperl v4). I get the following message when
running the script as any user other than the owner of the script:

Can't run setuid script with taint checks.

I got this message even though I did not have the set user id bit set on
the script. Setting the bit had no effect, still get the error message.

Any help would be appreciated!



Fri, 30 Nov 2001 03:00:00 GMT  
 taint checking setuid error message

Quote:

> I'm running perl v4

When that version of Perl was current, OJ Simpson was best known for being
a Heisman trophy winner. He still can't seem to find the real killer, but
you can (and should) find the real Perl.

    http://www.cpan.org/

There are even CERT advisories telling why such old software isn't safe to
use. Please upgrade.

Quote:
> (actually ingperl v4).

Well, you can probably do whatever it is that was special about ingperl
with a module (a database module, perhaps?). And your code will be more
reliable for no extra cost.

Cheers!

--
Tom Phoenix       Perl Training and Hacking       Esperanto
Randal Schwartz Case:     http://www.rahul.net/jeffrey/ovs/



Fri, 30 Nov 2001 03:00:00 GMT  
 taint checking setuid error message

Quote:


> > I'm running perl v4

> When that version of Perl was current, OJ Simpson was best known for being
> a Heisman trophy winner. He still can't seem to find the real killer, but
> you can (and should) find the real Perl.

>     http://www.cpan.org/

In the words of Randal, "heh".

Quote:
> There are even CERT advisories telling why such old software isn't safe to
> use. Please upgrade.

> > (actually ingperl v4).

> Well, you can probably do whatever it is that was special about ingperl
> with a module (a database module, perhaps?). And your code will be more
> reliable for no extra cost.

IngPerl was the old Ingres database code for Perl.  It has been
supplanted by the DBI module and the appropriate DBD::* module.
And these need a modern Perl to run.  So pay attention to TomP.

HTH,
David
--

Senior computing specialist
mathematical statistician



Sat, 01 Dec 2001 03:00:00 GMT  
 taint checking setuid error message
I agree that I need to update to a newer version of Perl. The problem is
that a vendor supplied app has not yet been updated to run with anything
greater than version 4.

I did get a chuckle from the OJ comment but was hoping for some
enlightenment regarding the taint checking message. That could help even
when I eventually do upgrade.



Quote:


> > > I'm running perl v4

> > When that version of Perl was current, OJ Simpson was best known for
being
> > a Heisman trophy winner. He still can't seem to find the real killer,
but
> > you can (and should) find the real Perl.

> >     http://www.cpan.org/

> In the words of Randal, "heh".

> > There are even CERT advisories telling why such old software isn't safe
to
> > use. Please upgrade.

> > > (actually ingperl v4).

> > Well, you can probably do whatever it is that was special about ingperl
> > with a module (a database module, perhaps?). And your code will be more
> > reliable for no extra cost.

> IngPerl was the old Ingres database code for Perl.  It has been
> supplanted by the DBI module and the appropriate DBD::* module.
> And these need a modern Perl to run.  So pay attention to TomP.

> HTH,
> David
> --

> Senior computing specialist
> mathematical statistician



Sat, 01 Dec 2001 03:00:00 GMT  
 
 [ 6 post ] 

 Relevant Pages 

1. setuid taint check on Perl4.036

2. Taint checking, setuid cgi scripts, and user administration

3. misleading taint error message with DBI?

4. misleading taint error message with DBI?

5. setuid taint mode broken; perl reputation suffers

6. Variable tainting / setuid

7. TAINTED uperl.o sybperl setuid script

8. Taint problem with setuid script

9. Judicious use of setuid still triggers taint?

10. chmod in setuid Perl script complains about tainted values

11. setuid cgi script, and taint

12. taint check with PerlIS.dll/ISAPI (repost)

 

 
Powered by phpBB® Forum Software