I try to compile courier-authlib as user "ronald": pegasus:~ # echo $PATH /sbin:/usr/sbin:/usr/local/sbin:/opt/kde3/sbin:/opt/gnome/sbin:/root/bin:/usr/local/bin:/usr/bin:/usr/X11R6/bin:/bin:/usr/games:/opt/gnome/bin:/opt/kde3/bin:/usr/lib/mit/bin:/usr/lib/mit/sbin:/usr/lib/qt3/bin pegasus:~ # cd /downloads/qmailrocks/courier-authlib-0.55/ pegasus:/downloads/qmailrocks/courier-authlib-0.55 # su ronald ronald@pegasus:/downloads/qmailrocks/courier-authlib-0.55> echo $PATH /opt/kde3/sbin:/opt/gnome/sbin:/root/bin:/usr/local/bin:/usr/bin:/usr/X11R6/bin:/bin:/usr/games:/opt/gnome/bin:/opt/kde3/bin:/usr/lib/mit/bin:/usr/lib/mit/sbin:/usr/lib/qt3/bin ronald@pegasus:/downloads/qmailrocks/courier-authlib-0.55> make & make check .... make all-recursive make[1]: Entering directory `/downloads/qmailrocks/courier-authlib-0.55' Making all in libltdl make[2]: Entering directory `/downloads/qmailrocks/courier-authlib-0.55/libltdl' make all-am make[3]: Entering directory `/downloads/qmailrocks/courier-authlib-0.55/libltdl' make[3]: Leaving directory `/downloads/qmailrocks/courier-authlib-0.55/libltdl' make[2]: Leaving directory `/downloads/qmailrocks/courier-authlib-0.55/libltdl' Making all in gdbmobj make[2]: Entering directory `/downloads/qmailrocks/courier-authlib-0.55/gdbmobj' make all-am make[3]: Entering directory `/downloads/qmailrocks/courier-authlib-0.55/gdbmobj' Compiling gdbmobj.c Insecure $ENV{PATH} while running setuid at /usr/lib/perl5/5.8.8/IPC/Open3.pm line 246. make[3]: *** [gdbmobj.lo] Error 1 make[3]: Leaving directory `/downloads/qmailrocks/courier-authlib-0.55/gdbmobj' make[2]: *** [all] Error 2 make[2]: Leaving directory `/downloads/qmailrocks/courier-authlib-0.55/gdbmobj' make[1]: *** [all-recursive] Error 1 make[1]: Leaving directory `/downloads/qmailrocks/courier-authlib-0.55' make: *** [all] Error 2 What do I miss? bye Ronald
On Wednesday 13 September 2006 09:23, Ronald Wiplinger wrote:
Compiling gdbmobj.c Insecure $ENV{PATH} while running setuid at /usr/lib/perl5/5.8.8/IPC/Open3.pm line 246.
This error comes from a perl module. One thing you can try to do to work around it is: Instead of 'su ronald', use 'su - ronald'. Those behave subtely differently, but i don't know if that will affect the setuid-ness of the script which is failing. Alternately, try running the build as root instead of as another user. In any case, the error message is less than enlightening because it doesn't tell us which part of the path is "insecure". i'm *assuming* that it doesn't want the 'sbin' parts in there, but for the real answer you'll have to ask either the author of Open3.pm (a perl module) or perhaps a Perl mailing list. -- ----- stephan@s11n.net http://s11n.net "...pleasure is a grace and is not obedient to the commands of the will." -- Alan W. Watts
stephan beal wrote:
On Wednesday 13 September 2006 09:23, Ronald Wiplinger wrote:
Compiling gdbmobj.c Insecure $ENV{PATH} while running setuid at /usr/lib/perl5/5.8.8/IPC/Open3.pm line 246.
This error comes from a perl module. One thing you can try to do to work around it is:
Instead of 'su ronald', use 'su - ronald'. Those behave subtely differently, but i don't know if that will affect the setuid-ness of the script which is failing.
Alternately, try running the build as root instead of as another user.
In any case, the error message is less than enlightening because it doesn't tell us which part of the path is "insecure". i'm *assuming* that it doesn't want the 'sbin' parts in there, but for the real answer you'll have to ask either the author of Open3.pm (a perl module) or perhaps a Perl mailing list.
Googling for the error message leads to a 'perlsec' page (i.e.Perl security help) which has this to say on the subject: For "Insecure $ENV{PATH}" messages, you need to set $ENV{'PATH'} to a known value, and each directory in the path must be non-writable by others than its owner and group. The usual mantra in a Perl program is: $ENV{'PATH'} = '/bin:/usr/bin'; I'd suggest setting your path to those two directories and then adding more if you discover that some program can't be found. You can do that in the shell of course, no need to edit the Perl program. Cheers, Dave
On Wed, Sep 13, 2006 at 12:15:19PM +0100, Dave Howorth wrote:
The usual mantra in a Perl program is: $ENV{'PATH'} = '/bin:/usr/bin';
Call me paranoid, but I prefer %ENV = (PATH=>"/sbin:/usr/sbin/:/bin:/usr/bin"); Note that the environment is cleared here.
participants (4)
-
Dave Howorth
-
Josef Wolf
-
Ronald Wiplinger
-
stephan beal