[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

strange Perl code in mrtg

71: use FindBin;
72: use lib "${FindBin::Bin}";
73: use lib "${FindBin::Bin}${main::SL}..${main::SL}lib${main::SL}mrtg2";

MRTG in unstable has the above code which gives the following error if it 
can't get read access to /root (giving getattr and search access is not 

Use of uninitialized value in string at /usr/bin/mrtg line 72.
Use of uninitialized value in concatenation (.) or string at /usr/bin/mrtg 
line 73.

Why does this Perl code need read access to the /root directory?  I think that 
it has no good reason to even try reading that directory, and if it does try 
it shouldn't give an error condition if it can't succeed!

The above error causes rateup not to be run at a later stage of the program 
(it attempts to run "/rateup" instead of "/usr/bin/rateup").

I can provide access to a SE Linux machine to duplicate this for anyone who is 
interested in experimenting with it.  Unix permissions do not allow such fine 
grained access control and do not permit a root owned process to be denied 
access to /root so duplicating such bugs on a non-SE system is difficult.

http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page

Reply to: