5

What could explain this compile-time error message when running Inline::Python in -T mode?

Insecure dependency in open while running with -T switch at /usr/local/lib/perl/5.14.2/Inline/Python.pm line 193.

Line 193 is where Inline::Python opens $o->{API}{location}, which I take to be the "Inline DIRECTORY".

I have, of course, used the required options:

use constant _INLINE_DIR_ => '/var/myapp/inline';
use Inline Config => UNTAINT         => 1,
                     NO_UNTAINT_WARN => 1,
                     DIRECTORY       => _INLINE_DIR_;

I have made sure that /var/myapp/inline and everything inside it is writable by everyone, obviously including both root and the user that the application is setuid'ed to at run-time.

The very same script works without problem on my computer, whether I start it as root or not, running Inline 0.50 Inline::Python 0.43, but gives me this error when I try running it on a server that uses the same version of Inline::Python and either version 0.49 or 0.55 of Inline.

scozy
  • 2,411
  • 15
  • 34
  • When you say /var/myapp/inline is writable by everyone, what are the actual permissions? If it's world (or perhaps even just group) writable, Taint may be seeing that as an Insecure dependency. – Randall Jun 09 '14 at 19:04

1 Answers1

1

Since this is different in different environments, my bet is that somehow there's an environment variable that either Inline or Inline::Python is reading before it does the step requested by the UNTAINT config parameter.

(Contrary to the comment, I don't think that file permissions could cause this message, only insecure dependencies on command-line parameters or environment variables)

Given that, I'd start your script by forcibly clearing the environment and then adding in only those environmental variables you know you need:

%ENV = ();
$ENV{'PATH'} = '/bin:/usr/bin:/usr/local/bin';  # Or whatever's appropriate
$ENV{'PYTHONPATH'} = '/usr/local/lib/python';   # Optional, if appropriate
# ... etc ...
Daniel Martin
  • 21,725
  • 6
  • 46
  • 64