Beefy Boxes and Bandwidth Generously Provided by pair Networks
go ahead... be a heretic
 
PerlMonks  

Re^2: perl 5.8.4, IO::Socket, and taint checking

by Anonymous Monk
on Mar 27, 2013 at 16:01 UTC ( #1025751=note: print w/ replies, xml ) Need Help??


in reply to Re: perl 5.8.4, IO::Socket, and taint checking
in thread perl 5.8.4, IO::Socket, and taint checking

This problem has reared its head in perl 5.14.2 on FreeBSD 8.3 in the execution of postgrey. Turning off taint checking makes the error go away.

postgrey --inet=10023 --pidfile=/var/run/postgrey.pid \
--user=postgrey --group=postgrey  --dbdir=/var/db/postgrey
2013/03/27-08:53:46 postgrey (type Net::Server::Multiplex) starting! pid(45305)
Resolved localhost:10023 to ::1:10023, IPv6
Resolved localhost:10023 to ::1:10023, IPv6
Resolved localhost:10023 to 127.0.0.1:10023, IPv4
Resolved localhost:10023 to 127.0.0.1:10023, IPv4
Duplicate configuration (TCP) on ::1:10023 with IPv6) - skipping
Duplicate configuration (TCP) on 127.0.0.1:10023 with IPv4) - skipping
Binding to TCP port 10023 on host ::1 with IPv6
Insecure dependency in socket while running with -T switch at /usr/local/lib/perl5/site_perl/5.14.2/mach/IO/Socket.pm line 80.
Is the bug in perl itself or in the perl modules it calls? All have been rebuilt and reinstalled from source in the past few days to ensure nothing was damaged or out of date. FWIW, it doesn't happen if you choose the unix domain socket but then you can't daemonize the process on the command line: you can add an & but you can't use the -d argument. Details:
===>   postgrey-1.34_4 depends on package: p5-Net-Server>=0 - found
===>   postgrey-1.34_4 depends on package: p5-IO-Multiplex>=0 - found
===>   postgrey-1.34_4 depends on package: p5-Parse-Syslog>=0 - found
===>   postgrey-1.34_4 depends on package: p5-BerkeleyDB>=0 - found
===>   postgrey-1.34_4 depends on package: p5-Net-DNS>=0 - found
===>   postgrey-1.34_4 depends on file: /usr/local/bin/perl5.14.2 - found


make pretty-print-run-depends-list
This port requires package(s) "db47-4.7.25.4 p5-BerkeleyDB-0.51 p5-Digest-HMAC-1.03 p5-IO-Multiplex-1.13 p5-IO-Socket-INET6-2.69 p5-Net-DNS-0.72 p5-Net-Server-2.007 p5-Parse-Syslog-1.10 p5-Socket6-0.23 perl-5.14.2_3" to run.


Comment on Re^2: perl 5.8.4, IO::Socket, and taint checking
Re^3: perl 5.8.4, IO::Socket, and taint checking
by Anonymous Monk on Mar 27, 2013 at 16:22 UTC
    FreeBSD bug filed against this here: http://www.freebsd.org/cgi/query-pr.cgi?pr=177416
      The underlying issue was something of a reincarnation of CPAN hell: stale ports which included outdated, taint-dirty code that produced a namespace conflict with current base code. Once the old ports were removed and the local perl install recreated with only those ports needed as dependencies, postgrey began working normally.

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://1025751]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others wandering the Monastery: (7)
As of 2014-11-28 17:33 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    My preferred Perl binaries come from:














    Results (199 votes), past polls