| Subject: | Insecure Dependency on lockfile |
Hi,
I've just updated DBD::File and a large number of other modules using
cpan. Unfortunately I do not know the version I was using before the
upgrade. The version I have now is 0.40.
One of the ASP web pages (called search.asp) stopped working. This page
contains:
my $dbCSVd = '/home/htdocs/dev/ida/flatdb';
my $databcsv = "DBI:DBM:type=GDBM_File;mldbm=Storable;f_dir=$dbCSVd";
$dbh2 = DBI->connect($databcsv);
When the first SQL statement is executed there is an error:
While trying to execute:
CREATE TABLE CURRENTIDA (IDA INTEGER, OWNER CHAR(50), VERSION CHAR(15),
REASON CHAR(25), DESCRIPTION CHAR(100), CFT CHAR(255), INVESTIGATION
CHAR(255), DESIGNASPECTS CHAR(255), IMPLEMENTATION CHAR(255), QDR
CHAR(50), SOURCEMODULES CHAR(255))
The following error occured:
Code : 2000000000
Message:
Execution ERROR: Insecure dependency in open while running with -T
switch at /home/apps/perl/lib/5.8.8/x86_64-linux/IO/File.pm line 185.
called from /home/htdocs/dev/ida/search.asp at 409.
This error did not happen before I upgraded.
After a lot of investigation I found out it was f_fqln causing the
issue. I changed the code around line 850 in sub file2table like this:
defined $meta->{f_lockfile} && $meta->{f_lockfile} and
# $meta->{f_fqln} = $meta->{f_fqbn} . $meta->{f_lockfile};
($meta->{f_fqln}) = ($meta->{f_fqbn} . $meta->{f_lockfile}) =~
/^(.*)$/g; #JCH
The commented line is the original.
The updated line is underneath.
I cannot figure out why the lockfile is tainted. I've tried using
f_lockfile and f_lock to see if I can work around the behavior but not
had luck.
Hope this is the right place to report what i think is a bug!
Cheers,
Jase