Subject: Re: Insecure dependency in eval
To: Martti Kuparinen <>
From: Roland Illig <>
List: tech-pkg
Date: 11/22/2005 11:21:12
Martti Kuparinen wrote:
> Any ideas what this is?
> Unusual System Events
> =-=-=-=-=-=-=-=-=-=-=
> Nov 22 04:26:36 p130 spamd[23228]: spamd: Insecure dependency in eval 
> while running setuid at 
> /usr/pkg/lib/perl5/vendor_perl/5.8.0/Mail/SpamAssassin/Conf/ 
> line 913.

The code there looks quite ugly, but _seems_ secure to me (I'll continue 
trying). It tries to distinguish a "safe" regular expression from a 
non-safe, while not adhering to the coding guidelines for Perl's tainted 
mode at all.

You should report this as an upstream bug.