[Pkg-sympa-devel] Bug#516164: sympa: 2 Insecure errors when running setuid in apache error log
Emmanuel Bouthenot
kolter at openics.org
Mon Dec 19 20:39:54 UTC 2011
Hi Olivier,
On Thu, Dec 15, 2011 at 02:21:04PM +0100, Olivier Berger wrote:
[...]
> I'm not sure, but I don't think so, for those errors above.
>
> On the other hand, the problem with these warnings :
> mod_fcgid: stderr: Insecure dependency in open while running setuid at /usr/share/sympa/lib/Lock.pm line 253., referer: https://cgt-int.dnsalias.org/wws
> mod_fcgid: stderr: Insecure dependency in open while running setuid at /usr/share/sympa/lib/List.pm line 9703., referer: https://cgt-int.dnsalias.org/wws
> is still there in the squeeze-backports version (6.1.4~dfsg-1~bpo60+1)
That's weird, I've never encountered such errors. Could tell me more
about your apache/fcgid setup for wwsympa?
> It seems that the wwsympa_sudo_wrapper.pl sudo wrapper is not
> distributed in that version... so I'm not sure what's wrong....
If I remember well, sudo wrapper was dropped from upstream sources about
2 years ago :)
> I don't know if you want to take care about that backports version in this ticket.
I will try to fix every bug I can reproduce :)
M.
--
Emmanuel Bouthenot
mail: kolter@{openics,debian}.org gpg: 4096R/0x929D42C3
xmpp: kolter at im.openics.org irc: kolter@{freenode,oftc}
More information about the Pkg-sympa-devel
mailing list