Taint check
Colin Bendell
cbendell at point2.com
Wed May 28 16:33:45 UTC 2003
The only way to get IIS working is to do the all or none approach and
use the perl.exe mapping, not the perils.dll aspi mapping. As I
understand it, not all the admin pages with this approach.
/colin
-----Original Message-----
From: J. Paul Reed [mailto:preed at sigkill.com]
Sent: Wednesday, May 28, 2003 9:35 AM
To: developers at bugzilla.org
Subject: Re: Taint check
On 28 May 2003 at 08:55:20, Colin Bendell moved bits on my disk to say:
> Yes, and this seems to be the problem. I'm using ActiveState's
> perlis.dll to execute the perl cgi which doesn't support the taint
check
> (because it is loaded early).
You might also take a look at bug 140784; I only skimmed it, but a
comment
in another bug said "If you're using IIS, there's some additional
setup you have to do for taint mode to work." That would seem to imply
that
taint mode *does* work with Win32, with a workaround.
If you're having problems, I think this is a bug that we might have to
fix
for 2.18... but we should confirm that it is indeed a bug.
> Isn't the taint check just as much a problem when using mod_perl?
I don't know, but I don't think so... bbaetz would know for sure.
> For now I'm content to remove the -T switch and let cvs do the diffs
for
> me :)
I wouldn't do that on a public installation if I were you; that's not
really the solution to the problem, especially on Win32.
Later,
Paul
------------------------------------------------------------------------
J. Paul Reed -- 0xDF8708F8 || preed at sigkill.com || web.sigkill.com/preed
To hold on to sanity too tight is insane. -- Nick Falzone, Pushing Tin
I use PGP; you should use PGP too... if only to piss off John Ashcroft
----
To view or change your list settings, click here:
<http://bugzilla.org/cgi-bin/mj_wwwusr?user=cbendell@point2.com>
More information about the developers
mailing list