Taint check

Colin Bendell cbendell at point2.com
Wed May 28 16:33:45 UTC 2003


The only way to get IIS working is to do the all or none approach and
use the perl.exe mapping, not the perlis.dll ISAPI mapping.  As I
understand it, not all the admin pages with this approach.

/colin

-----Original Message-----
From: J. Paul Reed [mailto:preed at sigkill.com] 
Sent: Wednesday, May 28, 2003 9:35 AM
To: developers at bugzilla.org
Subject: Re: Taint check

On 28 May 2003 at 08:55:20, Colin Bendell moved bits on my disk to say:

> Yes, and this seems to be the problem.  I'm using ActiveState's
> perlis.dll to execute the perl cgi which doesn't support the taint check
> (because it is loaded early).

You might also take a look at bug 140784; I only skimmed it, but a comment
in another bug said "If you're using IIS, there's some additional
setup you have to do for taint mode to work." That would seem to imply that
taint mode *does* work with Win32, with a workaround.

If you're having problems, I think this is a bug that we might have to fix
for 2.18... but we should confirm that it is indeed a bug.

> Isn't the taint check just as much a problem when using mod_perl?  

I don't know, but I don't think so... bbaetz would know for sure.

> For now I'm content to remove the -T switch and let cvs do the diffs for
> me :)

I wouldn't do that on a public installation if I were you; that's not
really the solution to the problem, especially on Win32.

Later,
Paul
------------------------------------------------------------------------
J. Paul Reed -- 0xDF8708F8 || preed at sigkill.com || web.sigkill.com/preed
To hold on to sanity too tight is insane.   -- Nick Falzone, Pushing Tin

I use PGP; you should use PGP too... if only to piss off John Ashcroft