Tags:
create new tag
view all tags

Question

hi

I am running mod_perl with taint checking and getting this error on a upload of a file.

is there an issue with tainted variables or is it just my setup?

Error saving topic During save of PythonUnitTestsDisplayedInHTML an error was found by the version control system. Please notify your TWiki administrator.

=Insecure dependency in chmod while running with -T switch at /home/cgsrv5-1/cgtwiki/twiki-4.1.2/lib/TWiki/Store/RcsWrap.pm line 468. at /home/cgsrv5-1/cgtwiki/twiki-4.1.2/lib/TWiki/Store/RcsWrap.pm line 468 TWiki::Store::RcsWrap::_lock('TWiki::Store::RcsWrap=HASH(0x8c3830c)') called at /home/cgsrv5-1/cgtwiki/twiki-4.1.2/lib/TWiki/Store/RcsWrap.pm line 141 TWiki::Store::RcsWrap::addRevisionFromStream('TWiki::Store::RcsWrap=HASH(0x8c3830c)', 'Fh=GLOB(0x83d6fb8)', 'Updated to 0.8.1 inc Python 2.3 patch', 'AndyDent') called at /home/cgsrv5-1/cgtwiki/twiki-4.1.2/lib/TWiki/Store.pm line 997 TWiki::Store::__ANON__() called at /home/cgsrv5-1/cgtwiki/twiki-4.1.2/lib/CPAN/lib//Error.pm line 379 eval {...} called at /home/cgsrv5-1/cgtwiki/twiki-4.1.2/lib/CPAN/lib//Error.pm line 371 Error::subs::try('CODE(0x8d60a38)', 'HASH(0x8d61314)') called at /home/cgsrv5-1/cgtwiki/twiki-4.1.2/lib/TWiki/Store.pm line 1002 TWiki::Store::__ANON__() called at /home/cgsrv5-1/cgtwiki/twiki-4.1.2/lib/CPAN/lib//Error.pm line 379 eval {...} called at /home/cgsrv5-1/cgtwiki/twiki-4.1.2/lib/CPAN/lib//Error.pm line 371 Error::subs::try('CODE(0x8d69f58)', 'HASH(0x8d580fc)') called at /home/cgsrv5-1/cgtwiki/twiki-4.1.2/lib/TWiki/Store.pm line 1041 TWiki::Store::saveAttachment('TWiki::Store=HASH(0x82ee810)', 'Compgeosci', 'PythonUnitTestsDisplayedInHTML', 'HTMLTestRunner.py.txt', 'TWiki::User=HASH(0x89c35d8)', 'HASH(0x8d6a138)') called at /home/cgsrv5-1/cgtwiki/twiki-4.1.2/lib/TWiki/UI/Upload.pm line 220 TWiki::UI::Upload::__ANON__() called at /home/cgsrv5-1/cgtwiki/twiki-4.1.2/lib/CPAN/lib//Error.pm line 379 eval {...} called at /home/cgsrv5-1/cgtwiki/twiki-4.1.2/lib/CPAN/lib//Error.pm line 371 Error::subs::try('CODE(0x82cf48c)', 'HASH(0x8d61548)') called at /home/cgsrv5-1/cgtwiki/twiki-4.1.2/lib/TWiki/UI/Upload.pm line 237 TWiki::UI::Upload::upload('TWiki=HASH(0x82f6824)') called at /home/cgsrv5-1/cgtwiki/twiki-4.1.2/lib/TWiki/UI.pm line 159 TWiki::UI::__ANON__() called at /home/cgsrv5-1/cgtwiki/twiki-4.1.2/lib/CPAN/lib//Error.pm line 379 eval {...} called at /home/cgsrv5-1/cgtwiki/twiki-4.1.2/lib/CPAN/lib//Error.pm line 371 Error::subs::try('CODE(0x814ed54)', 'HASH(0x8cb4f64)') called at /home/cgsrv5-1/cgtwiki/twiki-4.1.2/lib/TWiki/UI.pm line 199 TWiki::UI::run('CODE(0x88e0260)') called =

Go back in your browser and save your changes locally.

Environment

TWiki version: TWikiRelease04x01x02
TWiki plugins: DefaultPlugin, EmptyPlugin, InterwikiPlugin
Server OS: debian 4.0
Web server: apache 2.2
Perl version: perl 5.8.8
Client OS: linux
Web Browser: firefox
Categories: Permissions, Version control

-- TerryRankine - 31 Oct 2007

Answer

ALERT! If you answer a question - or someone answered one of your questions - please remember to edit the page and set the status to answered. The status selector is below the edit box.

I am also facing same problem while uploading file to TWiki, some time files get uploaded with out error and sometime its gives above error.

-- AnjaniKumar - 01 Nov 2007

Have you noticed the 'tainted' error anywhere else?

-- TerryRankine - 02 Nov 2007

Sorry, closing this question after more than 30 days of inactivity. Please feel free to re-open if necessary.

-- PeterThoeny - 11 Dec 2007

I am having this problem with CPAN Archive:Zip for the Batch upload plugin. In my case the error box says:

Insecure dependency in chmod while running with -T switch at /usr/local/share/perl/5.8.4/Archive/Zip/Member.pm line 399. Archive::Zip::Member::extractToFileNamed('Archive::Zip::ZipFileMember=HASH(0x9043bc8)', '/home/httpd/twiki/working/work_areas/BatchUploadPlugin/116982...') called at /usr/local/share/perl/5.8.4/Archive/Zip/Archive.pm line 187 Archive::Zip::Archive::extractMemberWithoutPaths('Archive::Zip::Archive=HASH(0x9031c04)', 'Archive::Zip::ZipFileMember=HASH(0x9043bc8)', '/home/httpd/twiki/working/work_areas/BatchUploadPlugin/116982...') called at /home/httpd/twiki/lib/TWiki/Plugins/BatchUploadPlugin.pm line 338 TWiki::Plugins::BatchUploadPlugin::doUnzip('/home/httpd/twiki/working/work_areas/BatchUploadPlugin/116982914', 'Archive::Zip::Archive=HASH(0x9031c04)') called at /home/httpd/twiki/lib/TWiki/Plugins/BatchUploadPlugin.pm line 197 TWiki::Plugins::BatchUploadPlugin::updateAttachment('Sandbox', 'PCTestBed', 'TrashFiles.zip', '/tmp/GrG_j6BDWc', 'Test', '', '') called at /home/httpd/twiki/lib/TWiki/Plugins/BatchUploadPlugin.pm line 120 TWiki::Plugins::BatchUploadPlugin::beforeAttachmentSaveHandler('HASH(0x9031b68)', 'PCTestBed', 'Sandbox') called at /home/httpd/twiki/lib/TWiki/Plugin.pm line 266 TWiki::Plugin::invoke('TWiki::Plugin=HASH(0x8869e74)', 'beforeAttachmentSaveHandler', 'HASH(0x9031b68)', 'PCTestBed', 'Sandbox') called at /home/httpd/twiki/lib/TWiki/Plugins.pm line 344 TWiki::Plugins::_dispatch('TWiki::Plugins=HASH(0x8486fd0)', 'beforeAttachmentSaveHandler', 'HASH(0x9031b68)', 'PCTestBed', 'Sandbox') called at /home/httpd/twiki/lib/TWiki/Plugins.pm line 742 TWiki::Plugins::beforeAttachmentSaveHandler('TWiki::Plugins=HASH(0x8486fd0)', 'HASH(0x9031b68)', 'PCTestBed', 'Sandbox') called at /home/httpd/twiki/lib/TWiki/Store.pm line 991 TWiki::Store::__ANON__() called at /home/httpd/twiki/lib/CPAN/lib//Error.pm line 379 eval {...} called at /home/httpd/twiki/lib/CPAN/lib//Error.pm line 371 Error::subs::try('CODE(0x902f91c)', 'HASH(0x9031774)') called at /home/httpd/twiki/lib/TWiki/Store.pm line 1040 TWiki::Store::saveAttachment('TWiki::Store=HASH(0x84a4f90)', 'Sandbox', 'PCTestBed', 'TrashFiles.zip', 'JuanSaa', 'HASH(0x902f880)') called at /home/httpd/twiki/lib/TWiki/UI/Upload.pm line 239 TWiki::UI::Upload::__ANON__() called at /home/httpd/twiki/lib/CPAN/lib//Error.pm line 379 eval {...} called at /home/httpd/twiki/lib/CPAN/lib//Error.pm line 371 Error::subs::try('CODE(0x8f14b00)', 'HASH(0x902f784)') called at /home/httpd/twiki/lib/TWiki/UI/Upload.pm line 258 TWiki::UI::Upload::upload('TWiki=HASH(0x8160858)') called at /home/httpd/twiki/lib/TWiki/UI.pm line 159 TWiki::UI::__ANON__() called at /home/httpd/twiki/lib/CPAN/lib//Error.pm line 379 eval {...} called at /home/httpd/twiki/lib/CPAN/lib//Error.pm line 371 Error::subs::try('CODE(0x814ccd8)', 'HASH(0x8fb06cc)') called at /home/httpd/twiki/lib/TWiki/UI.pm line 197 TWiki::UI::run('CODE(0x82b95dc)', 'upload', 1) called

Does anybody have any clue about what the problem is? Thanks.

-- JuanSaa - 22 Jan 2009

ditto. same error on line 399 in BatchUploadPlugin

-- AndrewRobinson - 30 Jan 2009

As Andrew wrote in BatchUploadPluginDev, as a workaround you can take out the -T switch in the shi-bang line to disable taint checking. The proper solution is to fix the BatchUploadPlugin by sanitizing and untainting user supplied parameters before handing it over to Archive::Zip.

-- PeterThoeny - 01 Feb 2009

Change status to:
WebForm
SupportStatus AnsweredQuestions
Edit | Attach | Watch | Print version | History: r7 < r6 < r5 < r4 < r3 | Backlinks | Raw View | Raw edit | More topic actions
Topic revision: r7 - 2009-02-01 - PeterThoeny
 
  • Learn about TWiki  
  • Download TWiki
This site is powered by the TWiki collaboration platform Powered by Perl Hosted by OICcam.com Ideas, requests, problems regarding TWiki? Send feedback. Ask community in the support forum.
Copyright © 1999-2026 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.