Re: Taint problem with DBIx::ContextualFetch

[prev] [thread] [next] [Date index for 2004/09/09]

From: Jesse Sheidlower
Subject: Re: Taint problem with DBIx::ContextualFetch
Date: 16:13 on 09 Sep 2004

On Thu, Sep 09, 2004 at 05:06:22PM +0100, Tony Bowden wrote:
> On Thu, Sep 09, 2004 at 10:49:28AM -0400, Jesse Sheidlower wrote:
> > [Thu Sep 9 10:42:50 2004] [error] Insecure dependency in
> > parameter 2 of
> > DBIx::ContextualFetch::st=HASH(0xd0432c0)->bind_param method
> > call while running with -T switch at
> > /usr/local/lib/perl5/site_perl/5.8.5/Apache/Session/Store/DBI.pm
> > line 113.\n
> 
> Can you replicate this? Can you reduce it to a script that exhibits this
> behaviour?

I can replicate it 100% of the time on this system (which has
"PerlTaintCheck on" in httpd.conf; this behaviour doesn't
occur on another system without this), but it would be
rather difficult to try to reduce it to a test case, as it's
part of a sprawling set of modules. Is there anything I can
try to do before this?

Jesse Sheidlower

Taint problem with DBIx::ContextualFetch
Jesse Sheidlower 14:49 on 09 Sep 2004

Re: Taint problem with DBIx::ContextualFetch
Tony Bowden 16:06 on 09 Sep 2004

Re: Taint problem with DBIx::ContextualFetch
Jesse Sheidlower 16:13 on 09 Sep 2004

Generated at 11:34 on 01 Dec 2004 by mariachi v0.52