Insecure dependency

Barry Kauler
13 July 2008, 04:20
Hi, I have a problem with Hiawatha, that is a show-stopper for me.

I want to use Hiawatha to serve a tiny blog called PPLOG. This is a single 80KB Perl script, with one css file and a couple of images. It's a great little blog -- I use it on my Puppy Linux site at http://puppylinux.com/blog/.

Anyway, I compiled and installed Hiawatha, then placed PPLOG inside the webrootdir, and PPLOG works, or rather almost works.

I was able to make a post to the blog, but cannot edit an entry after it is posted.

The blog is at <webrootdir>/blog and posts go into <webrootdir>/blog/posts, as plain text files. The first post is a file named 00000.ppl. When I attempt to edit this post, I get this message:

Insecure dependency in open while running setuid at <webrootdir>/blog/pplog.pl line 901.

I substituted the actual path with <webrootdir>. The error is where the Perl script is trying to open the 00000.ppl for writing. It doesn't matter what user id, group id or permissions I give to 00000.ppl, Hiawatha will not let PPLOG write to it.

Can you please advise how I can work around this problem?
Barry Kauler
13 July 2008, 05:04
Okay, I have a workaround that does get PPLOG working. My apologies, it turns out the error message is from Perl. I posted my problem to my Puppy Linux blog and received a reply with this interesting link:

http://www.washington.edu/perl5man/pod/perlsec.html

I'm puzzled though, as PPLOG does not start the Perl interpreter with the '-T' option so it shouldn't be doing any tainted checks. Anyway, if I change the first line of the script to:
#!/usr/bin/perl -U
where the '-U' is "allow unsafe operations" then PPLOG works.

That is a very bad hack though!
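An added example, not part of the original posts or of PPLOG: perlsec documents that Perl turns taint checks on by itself whenever the real and effective user or group IDs differ, which is why the message says "while running setuid" even though the script has no '-T'. Instead of disabling the checks with '-U', the script can validate the post ID with an anchored regex and build the path from the captured value, which Perl treats as untainted. The five-digit ID rule, the temporary posts directory and the sample inputs are assumptions made for this demo.

```perl
#!/usr/bin/perl -T
# Added example. Run as ./untaint_demo.pl or "perl -T untaint_demo.pl".
use strict;
use warnings;
use File::Temp qw(tempdir);

# Zero-length tainted string: appending it marks the constructed sample input
# as tainted, the way real CGI parameters are under taint mode.
my $TAINT = substr("$0$^X", 0, 0);

# Stand-in for <webrootdir>/blog/posts (hypothetical location for this demo).
my $posts_dir = tempdir();

# Map a post ID to its file, or return nothing if the ID is not exactly five
# digits. The five-digit rule is an assumption based on the name 00000.ppl.
sub post_path {
    my ($dir, $id) = @_;
    return unless defined $id && $id =~ /\A([0-9]{5})\z/;
    return "$dir/$1.ppl";    # $1 comes from a regex capture, so it is untainted
}

# 1. Using the raw parameter in a write path is what taint mode refuses.
my $raw = '00000' . $TAINT;
eval { open(my $fh, '>', "$posts_dir/$raw.ppl") or die "open: $!"; 1 }
    or print "refused:  $@";

# 2. Validate first, then open. Constructed inputs, including hostile ones;
#    "00000\n" is rejected because the pattern ends in \z rather than $.
for my $input ('00000', '../../etc/passwd', "00000\n", '00000.ppl') {
    my $path = post_path($posts_dir, $input . $TAINT);
    (my $shown = $input) =~ s/\n/\\n/g;
    if (!defined $path) {
        print "rejected: '$shown'\n";
        next;
    }
    open(my $fh, '>', $path) or die "open $path: $!";
    print {$fh} "edited entry\n";
    close($fh) or die "close $path: $!";
    unlink $path;            # demo cleanup
    print "wrote:    $path\n";
}
rmdir $posts_dir;
```

Only the first input is written; the "refused" line shows the same "Insecure dependency in open" error as the post above, worded for the -T switch instead of setuid.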
Hugo Leisink
13 July 2008, 20:42
The error message you posted is indeed not a Hiawatha error message. Is everything working okay now? Or are things missing in Hiawatha?
Eric Mulcaster
21 September 2009, 00:37
Hugo,
Hiawatha is doing a bang-up job on puppylinux.ca. The newest release is running very well and is doing exactly what it is intended to do.
Thanks,
Eric
Hugo Leisink
21 September 2009, 00:48
You're welcome! Spread the word
This topic has been closed.