Insecure dependency

Barry Kauler
13 July 2008, 04:20
Hi, I have a problem with Hiawatha, that is a show-stopper for me.

I want to use Hiawatha to serve a tiny blog called PPLOG. This is a single 80KB Perl script, with one css file and a couple of images. It's a great little blog -- I use it on my Puppy Linux site at

Anyway, I compiled and installed Hiawatha, then placed PPLOG inside the webrootdir, and PPLOG works, or rather almost works.

I was able to make a post to the blog, but cannot edit an entry after it is posted.

The blog is at <webrootdir>/blog and posts go into <webrootdir>/blog/posts, as plain text files. The first post is a file named 00000.ppl. When I attempt to edit this post, I get this message:

Insecure dependency in open while running setuid at <webrootdir>/blog/ line 901.

I substituted the actual path with <webrootdir>. The error is where the Perl script is trying to open the 00000.ppl for writing. It doesn't matter what user id, group id or permissions I give to 00000.ppl, Hiawatha will not let PPLOG write to it.

Can you please advise how I can work around this problem?
Barry Kauler
13 July 2008, 05:04
Okay, I have a workaround that does get PPLOG working. My apologies, it turns out the error message is from Perl. I posted my problem to my Puppy Linux blog and received a reply with this interesting link:

I'm puzzled though, as PPLOG does not start the Perl interpreter with the '-T' option so it shouldn't be doing any tainted checks. Anyway, if I change the first line of the script to:
#!/usr/bin/perl -U
where the '-U' is "allow unsafe operations" then PPLOG works.

That is a very bad hack though!
Hugo Leisink
13 July 2008, 20:42
The error message you posted is indeed not a Hiawatha error message. Is everything working oke now? Or are things missing in Hiawatha?
Eric Mulcaster
21 September 2009, 00:37
Hiawatha is doing a bang up job on The newest release is running very well and is doing exactly what it is intended.
Hugo Leisink
21 September 2009, 00:48
You're welcome! Spread the word
This topic has been closed.