Re: postgrey and perl-5.18.0

[uwe%stderr.spb.ru@localhost (Valery Ushakov)]

Valery Ushakov <uwe%stderr.spb.ru@localhost> wrote:

> I've just ran into the same problem.
> 
> Martin Husemann <martin%duskware.de@localhost> wrote:
> 
>> I removed the -T from the interpreter line and now it works.
>> Of course this is not good (tm), but it points at the issue.
>> Is there any way to get a stacktrace when a tainted check fails?
>> On another machine I can break it even earlier:
>> 
>> # postgrey -v -i 2525
>> 2013/06/01-19:47:40 postgrey (type Net::Server::Multiplex) starting! 
>> pid(6443)
>> Resolved [localhost]:2525 to [::1]:2525, IPv6
>> Resolved [localhost]:2525 to [127.0.0.1]:2525, IPv4
>> Binding to TCP port 2525 on host ::1 with IPv6
>> Insecure dependency in socket while running with -T switch at 
>> /usr/pkg/lib/perl5/5.18.0/i386-netbsd-thread-multi/IO/Socket.pm line 81.
>> 
>> That line is a socket() call, but I can not figure out from where
>> it is called or with wich args.
> 
> ktrace'ing shows that perl complains about:
> 
>  ERROR: Insecure dependency in open while running with -T switch at
>  /usr/pkg/lib/perl5/vendor_perl/5.18.0/Net/Server/Daemonize.pm line 75.
> 
> If you pre-create a pid-file, it complains about insecure dependency
> on unlink :)

Thanks to moof@ for the hint.  pidfile argument is tainted.  dbdir is
too, but it's untained at line 550, so I just added after that:

    # XXX: untaint pidfile
    if($opt{pidfile}) { 
        $opt{pidfile} =~ /^(.*)$/; $opt{pidfile} = $1;
    }

and it works.

-uwe