[tpm] IO::Socket, perl -T and insecure dependency in bind

Antonio T. Sun mlist.ats at spamgourmet.com
Tue Dec 3 11:25:59 PST 2013


Hi,

I have this error that I want to fix:

  Insecure dependency in bind while running with -T switch at /usr/lib/perl/5.14/IO/Socket.pm line 202.

To me, the weirder part is not the error message itself, but how it
appears. The enclosed listing [1], also available at
http://pastebin.com/wqcHGfme, is the source code that invokes perl with the
-T switch and does not show the above insecure dependency issue.

Now take a look at this (minor) change:


$ diff -wU 1 pixelserv2 pixelserv2
--- pixelserv2  2013-12-02 20:41:46.075685600 -0500
+++ pixelserv3  2013-12-02 20:37:29.943685600 -0500
@@ -4,2 +4,4 @@

+my $conffile = "/etc/pixelserv.ip";
+
 my $crlf  = "\015\012";
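
Review bot: the new `$conffile` declaration has no comment saying what /etc/pixelserv.ip is expected to contain. Its content is later passed as LocalHost, so a one-line comment stating the expected format (for example, a single IPv4 address) would make it clear what the later read has to validate.
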
@@ -9,4 +11,8 @@

+open(my $fh, "<", $conffile) || die "can't open $conffile: $!";
+my $listento = do { local $/; <$fh> };
+close($fh) || die "can't close $conffile: $!";
+
 my $sock = new IO::Socket::INET(
-    LocalHost => '0.0.0.0',
+    LocalHost => $listento,
     LocalPort => '80',
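
Review bot: `$listento` goes from the file read straight into `LocalHost => $listento` with no validation. Under -T, data read from a file is tainted, which is what bind rejects at IO/Socket.pm line 202, whereas the literal '0.0.0.0' it replaces was not tainted. The slurp (`local $/`) also keeps any trailing newline from the file. Suggest matching the content against a strict pattern and passing only the captured group, which Perl treats as untainted, e.g. `$listento =~ /^\s*(\d{1,3}(?:\.\d{1,3}){3})\s*$/ or die "bad address in $conffile";` followed by `LocalHost => $1,`.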


To me, the change is really minor, but the impact is huge. I now have this
insecure dependency issue.

Why was it OK, and now is not? How do I fix it?

Thanks

Antonio

[1] source list

    #! /usr/bin/perl -Tw

    use IO::Socket::INET;

    my $crlf  = "\015\012";
    my $pixel = pack( "C*",    # 43-byte GIF image sent in every response
        qw(71 73 70 56 57 97 1 0 1 0 128 0 0 255 255 255 0 0 0 33 249 4 1 0 0 0 0 44 0 0 0 0 1 0 1 0 0 2 2 68 1 0 59)
    );

    my $sock = new IO::Socket::INET(
        LocalHost => '0.0.0.0',
        LocalPort => '80',
        Proto     => 'tcp',
        Listen    => 30,
        Reuse     => 1
    );

    if ( !defined($sock) ) {
        print "error : cannot bind : $! exit\n";
        exit(1);
    }

    while ( my $new_sock = $sock->accept() ) {
        while (<$new_sock>) {    # read request headers up to the blank line
            chop;                # strip the trailing LF ...
            chop;                # ... and the CR before it

            # print "$_\n";
            if ( $_ eq '' ) { last; }
        }
        print $new_sock "HTTP/1.1 200 OK$crlf";
        print $new_sock "Content-type: image/gif$crlf";
        print $new_sock "Accept-ranges: bytes$crlf";
        print $new_sock "Content-length: 43$crlf$crlf";
        print $new_sock $pixel;
        shutdown( $new_sock, 2 );
        undef($new_sock);
    }

    close($sock);
    exit(0);