Subject: Re: Insecure dependency in eval
To: Martti Kuparinen <email@example.com>
From: Roland Illig <rillig@NetBSD.org>
Date: 11/22/2005 11:21:12
Martti Kuparinen wrote:
> Any ideas what this is?
> Unusual System Events
> Nov 22 04:26:36 p130 spamd: spamd: Insecure dependency in eval
> while running setuid at
> line 913.
The code there looks quite ugly, but _seems_ secure to me (I'll continue
trying). It tries to distinguish a "safe" regular expression from a
non-safe, while not adhering to the coding guidelines for Perl's tainted
mode at all.
You should report this as an upstream bug.