
Insecure dependency with Inline::Python

Tags: perl, taint

What could explain this compile-time error message when running Inline::Python in -T mode?

Insecure dependency in open while running with -T switch at /usr/local/lib/perl/5.14.2/Inline/Python.pm line 193.

Line 193 is where Inline::Python opens $o->{API}{location}, which I take to be the "Inline DIRECTORY".

I have, of course, used the required options:

use constant _INLINE_DIR_ => '/var/myapp/inline';
use Inline Config => UNTAINT         => 1,
                     NO_UNTAINT_WARN => 1,
                     DIRECTORY       => _INLINE_DIR_;

I have made sure that /var/myapp/inline and everything inside it is writable by everyone, obviously including both root and the user that the application is setuid'ed to at run-time.

The very same script works without problem on my computer, whether I start it as root or not, running Inline 0.50 and Inline::Python 0.43, but gives me this error when I try running it on a server that uses the same version of Inline::Python and either version 0.49 or 0.55 of Inline.

scozy asked Nov 10 '22 07:11


1 Answer

Since this is different in different environments, my bet is that somehow there's an environment variable that either Inline or Inline::Python is reading before it does the step requested by the UNTAINT config parameter.

(Contrary to the comment, I don't think that file permissions could cause this message, only insecure dependencies on command-line parameters or environment variables.)

Given that, I'd start your script by forcibly clearing the environment and then adding in only those environmental variables you know you need:

%ENV = ();
$ENV{'PATH'} = '/bin:/usr/bin:/usr/local/bin';  # Or whatever's appropriate
$ENV{'PYTHONPATH'} = '/usr/local/lib/python';   # Optional, if appropriate
# ... etc ...
Daniel Martin answered Nov 15 '22 05:11
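
The script below is an added illustration, not code from the question, the answer, or Inline itself. It reproduces the "Insecure dependency in open" message by passing a tainted path to a write-mode open(), shows the same path passing after regex validation, and counts tainted %ENV entries before and after the scrub suggested in the answer. The /tmp/taint_demo_<pid> location and the helper names tainted_env and try_write are made up for the demo.

```perl
#!/usr/bin/perl -T
use strict;
use warnings;
use Scalar::Util qw(tainted);

die "taint mode is off; run as: perl -T $0\n" unless ${^TAINT};

# Names of environment variables whose values still carry taint.
sub tainted_env { my @names = grep { tainted($ENV{$_}) } keys %ENV; return @names }

# Try to open $path for writing; return '' on success or the error text.
sub try_write {
    my ($path) = @_;
    my $ok = eval {
        open(my $fh, '>', $path) or die "open failed: $!\n";
        close $fh;
        1;
    };
    return $ok ? '' : $@;
}

my @before = tainted_env();
printf "tainted env vars at startup: %d of %d\n", scalar @before, scalar keys %ENV;

# Constructed scratch location; $$ (the PID) is not tainted.
my $dir = "/tmp/taint_demo_$$";
mkdir $dir, 0700 or die "mkdir $dir: $!\n";

# Stand-in for a path built from outside data: substr() of the tainted $^X
# yields an empty string that taints whatever it is joined to.
my $from_outside = "$dir/cache.txt" . substr($^X, 0, 0);
print "outside-derived path tainted: ", (tainted($from_outside) ? "yes" : "no"), "\n";
print "write with tainted path:   ", try_write($from_outside) || "ok\n";

# Untaint by validating against an allow-list pattern and taking the capture.
my ($clean) = $from_outside =~ m{\A(/tmp/taint_demo_\d+/[\w.]+)\z}
    or die "path failed validation\n";
print "write with validated path: ", try_write($clean) || "ok\n";

# The answer's approach: drop the inherited environment, set literals only.
%ENV = ();
$ENV{PATH} = '/bin:/usr/bin';
my @after = tainted_env();
printf "tainted env vars after scrub: %d\n", scalar @after;

unlink $clean;
rmdir $dir;
```

Run it as `perl -T` so the taint switch is also on the command line; comparing the startup count between the working machine and the server shows how many inherited variables each environment hands to the script.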