http://nms-cgi.sourceforge.net/faq_prob.html
short version- get rid of the Taint checking pointer- or contact host.
#!/usr/bin/perl
(if that's where Perl is on that windows box??)
have you checked out using the brainjar formmail.asp option for that site??
<q>
I am getting the Error ' Too late for "-T" option', what can I do ?
The '-T' turns on Perl's taint checking, this basically means that data
coming from outside the program is marked as 'tainted' (untrustworthy) and
attempts to use that data in certain ways will result in an error in the
program unless the data is checked carefully. All secure CGI programs should
use taint checking, as the Internet is a fundamentally insecure medium.
That you are getting this error probably suggests that your web server is
Microsoft IIS. If the administrator of the web server is open to making
changes to the configuration probably the best idea would be to have them
create a new association for your cgi-bin directory for files with a .plt
extension:
.plt --> C:\perl\bin\perl.exe -T %s %s
where the C:\perl\bin\ should be changed to the appropriate path to where
the perl executable is installed. You should then rename any NMS programs
you want to use with a .plt extension rather than .pl. The way that this
configuration is actually done differs between versions of IIS, so you will
need to consult the documentation for your version if you want to do it
yourself.
The reason that you have to do this is because Windows does not have the
notion of the shebang (#!) line that Unix has to tell the OS how to run an
interpreted program (using associations between an extension and a program
that will run it instead). When a Perl program is run by Windows it is
always as if it had been run like:
perl program.pl
(Apache on Windows appears to behave like Unix but infact this behaviour is
emulated ). Now when Perl runs reads a program file in before running it one
of the first things that it does is to check the check the shebang line and
if it contains 'perl' it will parse it to find if there are any switches
there that should be applied and (with one or two exceptions) it applies
them (as an aside, if 'perl' is not found in the line it will try to use
what is found there as program to be executed with the script name as an
argument). The '-T' is one of the exceptions because by the time that perl
has discovered that you want to turn taint checking on it is already too
late to ensure that all of the environment that the program inherits is
properly 'tainted' and rather than compromise the security checks that
tainting affords it is safer to abandon the program altogether.
Of course because the taint checking is based on the source of the data and
how it is being used and because this don't really change from one
environment to another it is fairly safe to say that if we have tested the
program with the '-T' switch than it is relatively safe to remove it if you
have to. Of course if you remove tainting and then make alterations to the
program such that new data is introduced or existing data is used in a
different way then you may be unwittingly introducing a new vulnerability.
</q>
Quote:
Dan:
That's a good guess. It's the NMS formmail script for Windows, and this is
how the top of the file looks -
#!/usr/bin/perl -wT
#
# NMS FormMail Version 3.08c1
#
but isn't that octothorpe a comment tag?
Anyhow, I got it sorted out. I had the $mailprog specified incorrectly as
SMTP:www.domain.com, rather than SMTP:www.host.com!
Thanks....
|
--
Team Macromedia Volunteer for Dreamweaver
Certified Dreamweaver MX Developer
Re: Formmail error question -
07-08-2003
, 10:53 AM
Linear Mode
