<div dir="ltr"><div>Are you running taint mode (perl -T switch) intentionally? Reading from an external source (i.e. your conf file) is tainted data (thus the warning). See perldoc perlsec ( <a href="http://perldoc.perl.org/perlsec.html#Laundering-and-Detecting-Tainted-Data">http://perldoc.perl.org/perlsec.html#Laundering-and-Detecting-Tainted-Data</a> ) for more information on how to deal with this. Alternatively, you can turn off taint mode.<br>
</div><div><br></div><div>Cheers,<br>Matt</div></div><div class="gmail_extra"><br><br><div class="gmail_quote">On Tue, Dec 3, 2013 at 2:25 PM, Antonio T. Sun <span dir="ltr"><<a href="mailto:mlist.ats@spamgourmet.com" target="_blank">mlist.ats@spamgourmet.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Hi, <div><br></div><div>I have this error that I want to fix:</div><div><br></div><div><div> Insecure dependency in bind while running with -T switch at /usr/lib/perl/5.14/IO/Socket.pm line 202.</div>
</div>
<div><br></div><div>To me, the weirder part is not the error message itself, but how it appears. Enclosed list [1], and also available under <a href="http://pastebin.com/wqcHGfme" target="_blank">http://pastebin.com/wqcHGfme</a>, is the source code that invokes perl with the -T switch, and does not show the above insecure dependency issue. </div>
<div><br></div><div>Now take a look at this (minor) change:</div><div><br></div><div><br></div><div><div><font face="courier new, monospace">$ diff -wU 1 pixelserv2 pixelserv2</font></div><div><font face="courier new, monospace">--- pixelserv2 2013-12-02 20:41:46.075685600 -0500</font></div>
<div><font face="courier new, monospace">+++ pixelserv3 2013-12-02 20:37:29.943685600 -0500</font></div><div><font face="courier new, monospace">@@ -4,2 +4,4 @@</font></div><div><font face="courier new, monospace"> </font></div>
<div><font face="courier new, monospace">+my $conffile = "/etc/pixelserv.ip";</font></div><div><font face="courier new, monospace">+</font></div><div><font face="courier new, monospace"> my $crlf = "\015\012";</font></div>
<div><font face="courier new, monospace">@@ -9,4 +11,8 @@</font></div><div><font face="courier new, monospace"> </font></div><div><font face="courier new, monospace">+open(my $fh, "<", $conffile) || die "can't open $conffile: $!";</font></div>
<div><font face="courier new, monospace">+my $listento = do { local $/; <$fh> };</font></div><div><font face="courier new, monospace">+close($fh) || die "can't close $conffile: $!";</font></div><div><font face="courier new, monospace">+</font></div>
<div><font face="courier new, monospace"> my $sock = new IO::Socket::INET(</font></div><div><font face="courier new, monospace">- LocalHost => '0.0.0.0',</font></div><div><font face="courier new, monospace">+ LocalHost => $listento,</font></div>
<div><font face="courier new, monospace"> LocalPort => '80',</font></div></div><div><font face="courier new, monospace"><br></font></div><div><br></div><div>To me, the change is really minor, but the impact is huge. I now have such insecure dependency issue. </div>
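Review bot: $listento reaches LocalHost in the second hunk exactly as slurped from $conffile, with no validation and with any trailing newline still attached; file input is tainted under -T, which is why bind now dies where the literal '0.0.0.0' did not. Match the value against the address format you expect and pass the regex capture instead, for example my ($listento) = $raw =~ /\A\s*(\d{1,3}(?:\.\d{1,3}){3})\s*\z/ or die "bad address in $conffile"; where $raw holds the slurped text.<br>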
<div><br></div><div>Why it was OK, and now is not? How to fix it?</div><div><br></div><div>Thanks</div><div><br></div><div>Antonio</div><div><br></div><div>[1] source list<br></div><div><pre>
#! /usr/bin/perl -Tw

use IO::Socket::INET;

my $crlf = "\015\012";
my $pixel = pack( "C*",
    qw(71 73 70 56 57 97 1 0 1 0 128 0 0 255 255 255 0 0 0 33 249 4 1 0 0 0 0 44 0 0 0 0 1 0 1 0 0 2 2 68 1 0 59)
);

my $sock = new IO::Socket::INET(
    LocalHost => '0.0.0.0',
    LocalPort => '80',
    Proto => 'tcp',
    Listen => 30,
    Reuse => 1
);

if ( !defined($sock) ) {
    print "error : cannot bind : $! exit\n";
    exit(1);
}

while (my $new_sock = $sock->accept() ) {
    while (<$new_sock>) {
        chop;
        chop;

        # print "$_\n";
        if ( $_ eq '' ) { last; }
    }
    print $new_sock "HTTP/1.1 200 OK$crlf";
    print $new_sock "Content-type: image/gif$crlf";
    print $new_sock "Accept-ranges: bytes$crlf";
    print $new_sock "Content-length: 43$crlf$crlf";
    print $new_sock $pixel;
    shutdown( $new_sock, 2 );
    undef($new_sock);
}

close($sock);
exit(0);
</pre></div><div><br></div></div>
<br></blockquote></div><br></div>
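<div>Added example, not part of the original thread or of the pixelserv script: one way to launder the config value as perlsec describes, keeping -T on. The helper name launder_ipv4, the __DATA__ section standing in for the config file, and the ephemeral port are assumptions made so the sketch runs unprivileged and offline (run it as perl -T).</div>

```perl
#!/usr/bin/perl -T
use strict;
use warnings;
use IO::Socket::INET;
use Scalar::Util qw(tainted);

# launder_ipv4 is a hypothetical helper, not from the original script.
# Under -T a regex capture is the sanctioned way to untaint, so the pattern
# must describe exactly what is acceptable; a catch-all such as /(.*)/ would
# clear the taint flag without validating anything.
sub launder_ipv4 {
    my ($raw) = @_;

    # Exactly one dotted quad, surrounding whitespace (including the
    # trailing newline left by a slurp) allowed and discarded.
    my ($addr) = $raw =~ /\A\s*((?:\d{1,3}\.){3}\d{1,3})\s*\z/
        or die "config must contain exactly one IPv4 address\n";

    # The regex only checks the shape; reject octets above 255 as well.
    for my $octet ( split /\./, $addr ) {
        die "octet $octet out of range\n" if $octet > 255;
    }
    return $addr;
}

# Constructed sample input: __DATA__ stands in for the config file contents.
# Data read from a filehandle is tainted, like the slurp in the diff above.
my $raw = do { local $/; <DATA> };
printf "raw value tainted:       %s\n", tainted($raw) ? 'yes' : 'no';

my $listento = launder_ipv4($raw);
printf "laundered value tainted: %s\n", tainted($listento) ? 'yes' : 'no';

my $sock = IO::Socket::INET->new(
    LocalHost => $listento,
    LocalPort => 0,        # assumption: ephemeral port; the original binds 80
    Proto     => 'tcp',
    Listen    => 1,
    ReuseAddr => 1,
) or die "cannot bind $listento: $!\n";

printf "bound to %s:%d\n", $sock->sockhost, $sock->sockport;
close($sock);

__DATA__
127.0.0.1
```

<div>If the file may also hold a hostname, give that its own strict pattern rather than widening this one.</div>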