[RADIATOR] issue with 4.8 (+ patches) with setuid

Alan Buxey A.L.M.Buxey at lboro.ac.uk
Mon Jun 20 12:56:49 CDT 2011


hi,


got this error:

Insecure dependency in eval while running setuid at /usr/local/lib/perl5/site_perl/5.12.2/Radius/Configurable.pm line 73

checked that Configurable.pm file and it appears to be doing a nice
eval on the $_[2] parameter - this could be used by a cracker if it's
not checked/sanitized....

now, it's not completely clear where this unchecked string is coming from
so therefore still not sure if this could ever be a 'safe value' that couldn't
be corrupted by someone wanting to get extra access or mess around..
however, currently sidestepped by defining a local variable to $_[2]
and using that in the call on line 73 .... is there a cleaner/safer
way to operate this - I don't recall this being around in 4.7

many thanks

alan
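
The taint-mode behaviour behind the error quoted above, as an added example that is not part of the original post and not Radiator's code: it shows string eval refusing tainted data and a value being untainted by validation. The sample values, the integer-only pattern and the name untaint_integer are assumptions made for illustration.

```perl
#!/usr/bin/perl -T
# Run as: perl -T taint_demo.pl
# -T enables the checks Perl turns on automatically for setuid scripts;
# the error text then ends "with -T switch" instead of "setuid".
use strict;
use warnings;
use Scalar::Util qw(tainted);

# Constructed input: a zero-length tainted string (taken from $^X, which is
# tainted under -T) marks the sample values as coming from outside the program.
my $taint = substr($^X, 0, 0);
my $param = '30' . $taint;      # hypothetical stand-in for a config parameter

printf "param tainted: %s\n", tainted($param) ? 'yes' : 'no';

# A plain copy of a tainted scalar carries the taint flag with it.
my $copy = $param;
printf "copy tainted:  %s\n", tainted($copy) ? 'yes' : 'no';

# String eval of tainted data is refused before any code is compiled;
# the block eval catches the resulting exception.
my $ok = eval { eval $param; 1 };
print "eval refused:  $@" unless $ok;

# Untaint by matching a strict pattern and keeping only the captured text.
# The integer-only pattern is an assumption; match what the value may be.
sub untaint_integer {
    my ($raw) = @_;
    if ($raw =~ /\A(-?\d{1,9})\z/) {
        my $clean = $1;         # regex captures are not tainted
        return $clean;
    }
    return;                     # validation failed
}

my $clean = untaint_integer($param);
die "rejected parameter\n" unless defined $clean;
printf "clean tainted: %s\n", tainted($clean) ? 'yes' : 'no';

# Input that fails validation never reaches eval at all.
my $bad = '30; print "injected\n"' . $taint;    # constructed bad input
print "bad input rejected\n" unless defined untaint_integer($bad);
```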

