Note: please don't spam any of the e-mail addresses which you see here. Follow this link if you want some addresses to misuse.
From: Kenneth Tindle <ktindle@uky.edu> Date: Sun, 1 Jun 2003 04:00:06 -0400 Subject: PPR: PPR WebAdmin and Perl 5.8.0 update OK, having had a chance to calm down and look at the CVS repository, I'm closer to understanding the latest taint failure. I already reported this, but was wrong about the root cause. It helps a lot to actually read the source! The trouble is in libscript/PPOP.pm. The Perl IPC::Open code has now gotten so smart that it will allow PPR::PPOP to launch ppop for reading, but not for writing. I'm not yet sure what has to be done in PPR::PPOP to make things "secure" again. This is the "ppop not ready" error I'm getting. Red Hat, and Perl, have changed the IPC package to be smarter about taint. It may now be more clever than is good... Before, I thought exec was being used directly to launch ppop. My mistake. I'm off to try and find some IPC package docs. Cheers.