Date: Thu, 13 Nov 2003 14:39:57 +0200 From: Ville =?ISO-8859-1?Q?Skytt=E4?= <scop@FreeBSD.org> To: freebsd-cvsweb@FreeBSD.org Subject: Re: fail to spawn rlog actually a taint issue Message-ID: <1068727197.919.45.camel@bobcat.mine.nu> In-Reply-To: <22733.131.232.4.112.1068706277.squirrel@secure.athabascau.ca> References: <22733.131.232.4.112.1068706277.squirrel@secure.athabascau.ca>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, 2003-11-13 at 08:51, ausec@athabascau.ca wrote: > Insecure dependency in exec while running with -T switch at > cgi-bin/cvsweb.cgi line 2141 > > If I knew enough perl I'd change it to work correctly but for now if I > turn off taint it works Ok. Yep, known issue, bites when using FreeBSD-CVSweb < 2.9.1 with Perl >= 5.8. This has been fixed in 2.9.1 (the new beta), for earlier versions turning off taint mode is an ok workaround.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1068727197.919.45.camel>