
Re: Insecure $ENV{PATH} while running with -T at Mail/Mailer/sendmail.pm

  • Stas Bekman
    Message 1 of 7 , Apr 29, 2004
      Alexander.Farber@... wrote:
      > Hi,
      >
      > on the top of my mod_perl 1 script I have:
      >
      > package Taskit;
      >
      > BEGIN {
      > delete @ENV{qw(PATH IFS CDPATH ENV BASH_ENV)};
      > }
      >
      > use Apache;
      > use Apache::Constants qw(OK);
      > use Apache::Request;
      > use Net::LDAP;
      > use Mail::Mailer qw(sendmail);
      > use GSCM::CCM::Session;
      > use Data::Dumper;
      > use strict;
      >
      > And still I get this error in the error_log:
      >
      > Apache::StatINC: process 4585 reloading Taskit.pm.
      > [Thu Apr 29 15:13:53 2004] [error] Insecure $ENV{PATH} while running with -T switch at /nokia/apps/tww/@sys/perl580p/lib/5.8.0/Mail/Mailer/sendmail.pm line 16.
      >
      > Is it some kind of mod_perl quirk? I thought
      > delete-ing $ENV{PATH} would help me with that error?

      The perlsec manpage suggests to set it, not delete it:

      $ENV{'PATH'} = '/bin:/usr/bin';
      delete @ENV{'IFS', 'CDPATH', 'ENV', 'BASH_ENV'};
      ...
      For "Insecure $ENV{PATH}" messages, you need to set $ENV{'PATH'} to a
      known value, and each directory in the path must be non-writable by
      others than its owner and group. You may be surprised to get this
      message even if the pathname to your executable is fully qualified. This
      is not generated because you didn't supply a full path to the program;
      instead, it's generated because you never set your PATH environment
      ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
      variable, or you didn't set it to something that was safe. Because
      Perl can't guarantee that the executable in question isn't itself going
      to turn around and execute some other program that is dependent on your
      PATH, it makes sure you set the PATH.

      So when you delete it, it's as if it has never been set. Though admittedly this
      works for me on Linux:

      % perl -Tle 'delete @ENV{qw(PATH BASH_ENV)}; qx|echo horray!|'

      So it probably varies from OS to OS.

      But now looking again at your output, it doesn't happen during the normal
      load, but only after reload, right? Any difference with setting PATH
      explicitly as the manpage suggests? Any difference if you use Apache::Reload
      instead of StatINC?


      __________________________________________________________________
      Stas Bekman JAm_pH ------> Just Another mod_perl Hacker
      http://stason.org/ mod_perl Guide ---> http://perl.apache.org
      mailto:stas@... http://use.perl.org http://apacheweek.com
      http://modperlbook.org http://apache.org http://ticketmaster.com

      --
      Report problems: http://perl.apache.org/bugs/
      Mail list info: http://perl.apache.org/maillist/modperl.html
      List etiquette: http://perl.apache.org/maillist/email-etiquette.html
    • Alexander.Farber@nokia.com
      Message 2 of 7 , Apr 30, 2004
        Hi Stas, thanks for your reply.

        I've forgotten to mention it, but I have already tried

        BEGIN {
            delete @ENV{qw(PATH IFS CDPATH ENV BASH_ENV)};
            $ENV{PATH} = '/bin:/usr/bin';
        }

        And also the values '' and '/' for $ENV{PATH}.
        Unfortunately the error message when I'm sending mail with

        my $sendmail = Mail::Mailer->new();
        unless ($sendmail->open({From => $owner,
                                 To => join(', ', sort keys %DEFAULT_PERSONS),
                                 Cc => join(', ', sort keys %inform_persons),
                                 Subject => 'Taskit',
                                 'X-Sender-Host' => $client,
                                })) {
            print "<H1>Cannot send mail ($!)</H1>\n";
            goto END;
        };
        print $sendmail $text;
        $sendmail->close();

        Stays the same:

        Apache::StatINC: process 4933 reloading Taskit.pm.
        [Fri Apr 30 09:54:49 2004] [error] Insecure $ENV{PATH} while running with -T switch at /nokia/apps/tww/@sys/perl580p/lib/5.8.0/Mail/Mailer/sendmail.pm line 16.

        The Apache 1.3.27 runs as ccm_root and thus shouldn't
        be able to overwrite these directories:

        boccm01:lib {133} ls -ld /bin
        lrwxrwxrwx 1 root root 9 Jul 6 1999 /bin -> ./usr/bin
        boccm01:lib {134} ls -ld /usr/bin
        drwxr-xr-x 4 root bin 9216 Apr 1 12:23 /usr/bin
        boccm01:lib {136} ls -ld /
        drwxr-xr-x 37 root root 1024 Dec 18 15:45 /

        I'll try to install Apache::Reload but wonder,
        why do you suggest it...

        Regards
        Alex


      • Stas Bekman
        Message 3 of 7 , Apr 30, 2004
          Alexander.Farber@... wrote:
          > Hi Stas, thanks for your reply.
          >
          > I've forgotten to mention it, but I have already tried
          >
          > BEGIN {
          > delete @ENV{qw(PATH IFS CDPATH ENV BASH_ENV)};
          > $ENV{PATH} = '/bin:/usr/bin';
          > }

          Alex, please show me a complete minimal test case. You might be able to
          reproduce it by dropping the whole Mail::Mailer and just using a line similar
          to where it fails: exec( $exe, '-t', @$args ); e.g. exec ("/bin/echo", "hi");
          I believe. If it doesn't work, use Mail::Mailer but give me a complete
          (minimal) module which still fails. Otherwise it's hard to reproduce it, since
          you only show part of it.

          Also does the problem go away when you don't use the reloader? It's been ages
          since I last used StatINC, why does it print:

          Apache::StatINC: process 4933 reloading Taskit.pm.

          Did you enable the debug mode or something? Does it happen during the reload
          or after it was reloaded? I suppose it was after it was reloaded. Could it be
          that Mail::Mailer redefines $ENV{PATH} in its code? Check what's the value
          that you get before you call the code that fails.

        • Alexander.Farber@nokia.com
          Message 4 of 7 , Apr 30, 2004
            Hi Stas,

            sorry for not replying - too much pressure at work and
            I have to finish my mod_perl-script (a Continuus trigger)
            tonight. I don't have time to install Apache::Reload,
            but I've tried to create a test case for you - running:

            package Testcase;

            BEGIN {
                delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};
                $ENV{PATH} = '/bin:/usr/bin:/usr/lib';
            }

            use Apache;
            use Apache::Constants qw(OK);
            use Mail::Mailer qw(sendmail);
            use strict;

            sub handler
            {
                my $r = shift;
                $r->send_http_header('text/plain');

                #$ENV{PATH} = '/bin:/usr/bin:/usr/lib';
                my $sendmail = Mail::Mailer->new();
                unless ($sendmail->open({From => 'Alexander.Farber@...',
                                         To => 'stas@...',
                                         Subject => 'Test case',
                                        })) {
                    print "Can not send mail: $!\n";
                    $r->log_error("Can not send mail: $!");
                    return OK;
                }
                print $sendmail "Test case\n";
                $sendmail->close();

                #open my $MAILX, "|/usr/bin/mailx -r afarber -s 'Test case' afarber"
                #    or die "Can not open pipe to /usr/bin/mailx: $!\n";
                #print $MAILX "Test case\n";
                #close $MAILX or die "Can not close pipe to /usr/bin/mailx: $!\n";

                return OK;
            }

            1;


            gives me the error:


            [Fri Apr 30 19:21:22 2004] [notice] SIGHUP received. Attempting to restart
            [Fri Apr 30 19:21:23 2004] [notice] Apache/1.3.27 (Unix) mod_perl/1.27 configured -- resuming normal operations
            [Fri Apr 30 19:21:23 2004] [notice] Accept mutex: fcntl (Default: fcntl)
            ....
            [Fri Apr 30 19:23:14 2004] [error] Insecure $ENV{PATH} while running with -T switch at /nokia/apps/tww/@sys/perl580p/lib/5.8.0/Mail/Mailer/sendmail.pm line 16.


            Yes, I'm using Apache::StatINC:


            PerlModule Apache::StatINC
            PerlModule Testcase
            <Location /testcase>
            SetHandler perl-script
            PerlHandler Testcase
            PerlInitHandler Apache::StatINC
            PerlSetVar StatINCDebug On
            </Location>


            I believe it's not Mail::Mailer's problem, as I tried opening
            a pipe to mailx (see the code above) and have got the same error:


            Apache::StatINC: process 421 reloading Taskit.pm.
            [Fri Apr 30 19:26:27 2004] [error] Insecure $ENV{PATH} while running with -T switch at /appl/continuus/ccm-5.1-SunOS/gscm/lib/Testcase.pm line xx.


            I've worked around my problem by moving the line

            $ENV{PATH} = '/bin:/usr/bin:/usr/lib';

            from the BEGIN block into the handler sub, right before I call

            my $sendmail = Mail::Mailer->new();
            $sendmail->open(....);

            So it looks to me that it's a problem of mod_perl
            or maybe of Apache::StatINC.

            Regards
            Alex


          • Alexander.Farber@nokia.com
            Message 5 of 7 , Apr 30, 2004
              I've also tried removing Apache::StatINC
              from everywhere in the httpd.conf:

              #PerlModule Apache::StatINC
              PerlModule Testcase
              <Location /testcase>
              SetHandler perl-script
              PerlHandler Testcase
              #PerlInitHandler Apache::StatINC
              #PerlSetVar StatINCDebug On
              </Location>

              and still get the same error:

              [Fri Apr 30 19:35:36 2004] [error] Insecure $ENV{PATH} while running with -T switch at /nokia/apps/tww/@sys/perl580p/lib/5.8.0/Mail/Mailer/sendmail.pm line 16.

            • Stas Bekman
              Message 6 of 7 , Apr 30, 2004
                Alexander.Farber@... wrote:
                [...]
                > I've worked around my problem by moving the line
                >
                > $ENV{PATH} = '/bin:/usr/bin:/usr/lib';
                >
                > from the BEGIN block into the handler sub, right before I call
                >
                > my $sendmail = Mail::Mailer->new();
                > $sendmail->open(....);
                >
                > So it looks to me that it's a problem of mod_perl
                > or maybe of Apache::StatINC.

                Not mod_perl's problem, but some piece of code that messes with $ENV{PATH}.
                All mod_perl is doing is setting -T. You didn't answer this question:

                "could it be that Mail::Mailer redefines $ENV{PATH} in its code? check what's
                the value that you get before you call the code that fails."

                The fact that setting it in the handler solves the problem, suggests that
                either the BEGIN block is not being run (add a warn "BEGIN is running" to
                test) or something resets that env var.


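The perlsec rule Stas quotes in message 1 (set PATH to a known value whose directories are not writable by anyone but owner and group, delete the other dangerous variables) and the two diagnostics he asks for in message 6 (is the BEGIN block actually running, and what does PATH hold right before the spawn), as one added Perl example that is not code from this thread; `unsafe_path_dirs` and `run_checked` are names chosen for this example, not mod_perl or Mail::Mailer API.

```perl
#!/usr/bin/perl -T
# Added example, not code from the thread. Runs under -T like mod_perl does.
# unsafe_path_dirs() and run_checked() are names of this example, not
# mod_perl or Mail::Mailer API.
use strict;
use warnings;

BEGIN {
    warn "BEGIN is running (pid $$)\n";      # Stas's "is BEGIN being run?" check
    $ENV{PATH} = '/bin:/usr/bin';            # set PATH (perlsec), don't delete it
    delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};
}

# Return the PATH entries taint mode would object to: relative entries,
# missing directories, and directories writable by anyone but the owner
# and group (the perlsec condition quoted above; the world-writable bit).
sub unsafe_path_dirs {
    my ($path) = @_;
    my @bad;
    for my $dir (split /:/, $path) {
        if ($dir !~ m{^/}) { push @bad, "$dir (not absolute)"; next }
        my $mode = (stat $dir)[2];
        if (!defined $mode) { push @bad, "$dir (missing)"; next }
        push @bad, sprintf("%s (mode %04o)", $dir, $mode & 07777)
            if $mode & 0002;
    }
    return @bad;
}

# Fork+exec an argument list (no shell), the way Mail::Mailer's sendmail
# backend does, but log what PATH looks like right before the spawn so a
# reset by other code shows up in the error_log next to the taint error.
sub run_checked {
    my @cmd  = @_;
    my $path = defined $ENV{PATH} ? $ENV{PATH} : '';
    warn "PATH before spawn: '", $path, "'\n";
    my @bad = unsafe_path_dirs($path);
    if (@bad) {
        warn "not spawning @cmd, unsafe PATH entries: @bad\n";
        return 0;
    }
    my $pid = fork;
    die "fork: $!\n" unless defined $pid;
    if ($pid == 0) { exec @cmd or die "exec @cmd: $!\n" }
    waitpid $pid, 0;
    return $? == 0;
}

run_checked('/bin/echo', 'hi') or warn "spawn failed\n";
```

Run it as `perl -T` from a mod_perl handler or the command line; if the "BEGIN is running" line never appears, or the logged PATH differs from what BEGIN set, something between startup and the spawn is resetting %ENV, which is what Stas's last reply suspects.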