Package: munin
Version: 1.4.4-1
Severity: normal

Hi,

I have munin configured to run as CGI. When I call up
http://localhost/munin/localdomain/localhost.localdomain.html, I get a
munin web page with a lot of broken graphs, and the error.log of the
web server is plastered with

[Wed Jun 02 00:28:41 2010] [error] [client 127.0.0.1] Insecure $ENV{PATH} while running with -T switch at /usr/share/perl5/Date/Manip/TZ.pm line 588, <DATA> line 335., referer: http://localhost/munin/localdomain/localhost.localdomain.html
[Wed Jun 02 00:28:41 2010] [error] [client 127.0.0.1] Compilation failed in require at /usr/lib/cgi-bin/munin-cgi-graph line 31, <DATA> line 335., referer: http://localhost/munin/localdomain/localhost.localdomain.html
[Wed Jun 02 00:28:41 2010] [error] [client 127.0.0.1] BEGIN failed--compilation aborted at /usr/lib/cgi-bin/munin-cgi-graph line 31, <DATA> line 335., referer: http://localhost/munin/localdomain/localhost.localdomain.html
[Wed Jun 02 00:28:41 2010] [error] [client 127.0.0.1] Premature end of script headers: munin-cgi-graph, referer: http://localhost/munin/localdomain/localhost.localdomain.html

This prevails even if I start apache with a completely empty
directory. I don't have a single clue where the insecurity in the PATH
variable comes from.

I have seen that upstream seems to be unwilling to set its own path or
to sanitize the path coming in to munin, so please advise what I
should do to have a sane PATH passed to munin.

Greetings
Marc

-- System Information:
Debian Release: squeeze/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)

Kernel: Linux 2.6.34-zgws1 (SMP w/2 CPU cores; PREEMPT)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages munin depends on:
ii  adduser                  3.112           add and remove users and groups
ii  cron                     3.0pl1-111      process scheduling daemon
pn  libdigest-md5-perl       <none>          (no description available)
ii  libhtml-template-perl    2.9-1           HTML::Template : A module for usin
ii  liblog-log4perl-perl     1.28-1          A Perl port of the widely popular 
ii  libparse-recdescent-perl 1.965001+dfsg-1 Perl module to create and use recu
ii  librrds-perl             1.4.3-1         time-series data storage and displ
pn  libstorable-perl         <none>          (no description available)
ii  munin-common             1.4.4-1         network-wide graphing framework (c
ii  perl [libtime-hires-perl 5.10.1-12       Larry Wall's Practical Extraction 
ii  perl-modules             5.10.1-12       Core Perl modules
ii  rrdtool                  1.4.3-1         time-series data storage and displ
ii  ttf-dejavu               2.31-1          Metapackage to pull in ttf-dejavu-

Versions of packages munin recommends:
ii  libdate-manip-perl            6.07-2     module for manipulating dates
ii  munin-node                    1.4.4-1    network-wide graphing framework (n

Versions of packages munin suggests:
ii  apache2-mpm-prefork [httpd] 2.2.15-5     Apache HTTP Server - traditional n
ii  elinks-lite [www-browser]   0.12~pre5-2  advanced text-mode WWW browser - l
ii  iceweasel [www-browser]     3.5.9-3      Web browser based on Firefox
ii  kazehakase [www-browser]    0.5.8-3      GTK+-based web browser that allows
ii  konqueror [www-browser]     4:4.4.3-1    KDE 4's advanced file manager, web
ii  lighttpd [httpd]            1.4.26-1.1   A fast webserver with minimal memo
ii  links2 [www-browser]        2.2-1+b2     Web browser running in both graphi
ii  lynx-cur [www-browser]      2.8.8dev.3-3 Text-mode WWW Browser with NLS sup

-- Configuration Files:
/etc/cron.d/munin changed:
MAILTO=root
*/5 * * * *     munin if [ -x /usr/local/bin/munin-cron ]; then /usr/local/bin/munin-cron; fi
14 10 * * *     munin if [ -x /usr/share/munin/munin-limits ]; then /usr/share/munin/munin-limits --force --contact nagios --contact old-nagios; fi

/etc/logrotate.d/munin changed:
/var/log/munin/munin-update.log {
        daily
        missingok
        rotate 7
        dateext
        compress
        notifempty
        create 640 munin adm
}
/var/log/munin/munin-graph.log {
        daily
        missingok
        rotate 7
        dateext
        compress
        notifempty
        create 640 munin adm
}
/var/log/munin/munin-html.log {
        daily
        missingok
        rotate 7
        dateext
        compress
        notifempty
        create 640 www-data adm
}
/var/log/munin/munin-limits.log {
        daily
        missingok
        rotate 7
        dateext
        compress
        notifempty
        create 640 munin adm
}


-- no debconf information
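
Added example, not part of the original report and not code from munin or Date::Manip: a stand-alone Perl script that reproduces the "Insecure $ENV{PATH}" failure from the log under -T and clears it the way perlsec documents. The PATH value /usr/bin:/bin and the script file name are assumptions made for the demonstration.

```perl
#!/usr/bin/perl -T
# Added illustration; not code from munin, Date::Manip or the bug report.
# Run as: perl -T taint_path_demo.pl   (file name is hypothetical)
use strict;
use warnings;
use Scalar::Util qw(tainted);

# Try to spawn a child process; return the taint error text, or '' on success.
sub spawn_check {
    my $out = eval { `echo spawned` };   # backticks, system and exec all check PATH
    return $@ ? $@ : '';
}

sub report {
    my ($label, $err) = @_;
    print "$label: ", ($err ne '' ? $err : "child ran\n");
}

# 1. Under -T every variable inherited from the parent process (for a CGI,
#    the web server) is tainted, whatever value it holds.
printf "PATH inherited: %s\n", defined $ENV{PATH} ? "'$ENV{PATH}'" : '(unset)';
printf "PATH tainted:   %s\n", tainted($ENV{PATH}) ? 'yes' : 'no';

# 2. With the inherited PATH perl refuses to start a subprocess and dies with
#    "Insecure $ENV{PATH} while running with -T switch", as in the log.
report('inherited PATH', spawn_check());

# 3. Assigning PATH from a literal removes the taint, but perl also rejects
#    entries that are relative or writable by others
#    ("Insecure directory in $ENV{PATH}").
$ENV{PATH} = '.:/usr/bin';
report('relative entry', spawn_check());

# 4. perlsec's recipe: a fixed, absolute PATH and no shell-influencing variables.
#    /usr/bin:/bin is an assumed value for this demo.
$ENV{PATH} = '/usr/bin:/bin';
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};
report('fixed PATH    ', spawn_check());

# The log shows the failure inside a BEGIN/require, i.e. at compile time, so in
# a real script this cleanup has to sit in a BEGIN block that runs before the
# module that spawns the subprocess is loaded.
```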


