strange Perl code in mrtg

To: Debian Devel <debian-devel@lists.debian.org>
Subject: strange Perl code in mrtg
From: Russell Coker <russell@coker.com.au>
Date: Sun, 8 Aug 2004 21:41:56 +1000
Message-id: <[🔎] 200408082141.56772.russell@coker.com.au>
Reply-to: russell@coker.com.au

71: use FindBin;
72: use lib "${FindBin::Bin}";
73: use lib "${FindBin::Bin}${main::SL}..${main::SL}lib${main::SL}mrtg2";


MRTG in unstable has the above code which gives the following error if it 
can't get read access to /root (giving getattr and search access is not 
enough):

Use of uninitialized value in string at /usr/bin/mrtg line 72.
Use of uninitialized value in concatenation (.) or string at /usr/bin/mrtg 
line 73.


Why does this Perl code need read access to the /root directory?  I think that 
it has no good reason to even try reading that directory, and if it does try 
it shouldn't give an error condition if it can't succeed!

The above error causes rateup not to be run at a later stage of the program 
(it attempts to run "/rateup" instead of "/usr/bin/rateup").


I can provide access to a SE Linux machine to duplicate this for anyone who is 
interested in experimenting with it.  Unix permissions do not allow such fine 
grained access control and do not permit a root owned process to be denied 
access to /root so duplicating such bugs on a non-SE system is difficult.

-- 
http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page

Reply to:

Follow-Ups:
- Re: strange Perl code in mrtg
  - From: Andrew Suffield <asuffield@debian.org>

Prev by Date: Re: ITP: helpviewer -- online help viewer for GNUstep programs
Next by Date: Re: Release update: base and standard frozen
Previous by thread: Re: Release update: base and standard frozen
Next by thread: Re: strange Perl code in mrtg
Index(es):
- Date
- Thread