[gold-users] Problems with client encryption

Scott Jackson scottmo at adaptivecomputing.com
Thu Sep 16 17:38:28 MDT 2010


Perl 5.10 seems to have made some changes in taint checking. Are you 
getting this in your client or in the goldd server (or both)?

If it just the server side, and you have not done this already, you may 
be able to simply remove the -T flag at the top of the goldd command.

If not, then it is possible that the time() system call is now 
considered unsafe taint-wise. Thus you would have to set a variable to 
store the time in:

my $time = time();
if ($time =~ /^(\d+)$/) { $time = $1; } # Untaint
else    {    die "Illegal characters were found in \$time ($time)\n";}

Then use $time instead of time() throughout as necessary.

Scott

Mehmet Soysal wrote:
> Hi,
> ich have Problems with enabling the option server. and client-side
> security.encryption = true
>
> I get this error message from the Command Line Utility:
>
> Taint checks are turned on and your key is tainted. Please untaint the 
> key and try again at /opt/gold/lib/Gold/Chunk.pm line 752.
>
> Im not quite sure what is going wrong.
>
> security.authentication works quite well.
>
> Does anybody else have this Problem?
>
> MfG
> M.Soysal
>
>
> ------------------------------------------------------------------------
>
> _______________________________________________
> gold-users mailing list
> gold-users at supercluster.org
> http://www.supercluster.org/mailman/listinfo/gold-users
>   


More information about the gold-users mailing list