fail to spawn rlog actually a taint issue
VilleSkyttä
scop at FreeBSD.org
Thu Nov 13 04:40:03 PST 2003
On Thu, 2003-11-13 at 08:51, ausec at athabascau.ca wrote:
> Insecure dependency in exec while running with -T switch at
> cgi-bin/cvsweb.cgi line 2141
>
> If I knew enough perl I'd change it to work correctly but for now if I
> turn off taint it works Ok.
Yep, known issue, bites when using FreeBSD-CVSweb < 2.9.1 with Perl >=
5.8. This has been fixed in 2.9.1 (the new beta), for earlier versions
turning off taint mode is an ok workaround.
More information about the freebsd-cvsweb
mailing list