X-Git-Url: http://git.vanrenterghem.biz/git.ikiwiki.info.git/blobdiff_plain/9df6ef9c861bec06a2cae7ec8b8c5d6725392035..eb87dd177ae5ad2838c9bb9acb5e1e40d9cc5f28:/doc/bugs/Insecure_dependency_in_mkdir.mdwn?ds=inline diff --git a/doc/bugs/Insecure_dependency_in_mkdir.mdwn b/doc/bugs/Insecure_dependency_in_mkdir.mdwn index 28304b3d3..46011a7e8 100644 --- a/doc/bugs/Insecure_dependency_in_mkdir.mdwn +++ b/doc/bugs/Insecure_dependency_in_mkdir.mdwn @@ -127,3 +127,34 @@ dubious >>>> I get this over and over... I haven't touched that AFAICT, at all. --[[simonraven]] + +>>>>> Take a look at your `/usr/bin/ikiwiki`. The first +>>>>> line should not contain -T. If it does, remove it, +>>>>> and maybe try to work out or give details about how +>>>>> you installed ikiwiki and why it got the -T in there, +>>>>> which certianly doesn't happen by default when ikiwiki +>>>>> is installed by the Makefile.PL or by any package I know of. +>>>>> (If there's +>>>>> no -T, then something *really* weird is going on..) +>>>>> --[[Joey]] + +>>>>>> nope, no -T in the hashbang line at all. Haven't added any; +>>>>>> only thing I did there was change `use lib` to `/usr/share/perl5`, +>>>>>> otherwise I'd get bogus errors about CGI::Cookie_al or some such thing. +>>>>>> +>>>>>> How I installed it was in non-public directories in various sites, then +>>>>>> make it publish stuff to a public dir in the relevant site. Or do you +>>>>>> mean installed, as in the whole thing? From a .deb I made based on the git tree, with `git-buildpackage`. +>>>>>> +>>>>>> This issue is recent, after a `git pull` IIRC. It has never happened before. It's also puzzling me. +>>>>>> +>>>>>> You can check it out for yourself by pulling my fork of this, at github or my local repo. +>>>>>> github will probably be faster for you: git://github.com/kjikaqawej/ikiwiki-simon.git --[[simonraven]] + +>>>>>>> I don't know what I'm supposed to see in your github tree.. it +>>>>>>> looks identical to an old snapshot of ikiwiki's regular git repo? +>>>>>>> If you want to put up the .deb you're using, I could examine that. +>>>>>>> +>>>>>>> I was in fact able to reproduce the insecure dependency in mkdir +>>>>>>> message -- but only if I run 'perl -T ikiwiki'. +>>>>>>> --[[Joey]]