You are viewing a plain text version of this content. The canonical link for it is here.

Posted to modperl@perl.apache.org by Kenny Smith <ke...@hosting.com> on 2001/11/29 01:31:07 UTC

$ENV{'REMOTE_USER'} getting clobbered?

Hello,

I'm using mod_perl as a replacement for CGI. We are getting strange behavior
where $ENV{'REMOTE_USER'} isn't being set correctly.

The script is protected by an .htaccess type of authentication, so when I
log in as 'kenny', $ENV{'REMOTE_USER'} should be equal to 'kenny'. However,
every once in awhile, $ENV{'REMOTE_USER'} will be equal to someone else's
login name, even though I'm still logged in as 'kenny' when I execute the
script.  Does that make sense?

This system was working fine for 2 months or more, but recently the number
of users and the load on the machine has increased, and we have started
seeing the problem.

My theory is that %ENV is shared between requests and user 'bob' is
executing the script in the middle of my execution and $ENV{'REMOTE_USER'}
is getting overwritten in my execution with 'bob'. I believe the script is
taking longer to execute due to the load time which increases the window of
opportunity for REMOTE_USER to be clobbered.

Software involved:

apache 1.3.12
mod_perl 1.24
solaris 5.7
perl 5.005_03

Our sysadmins are working on building a new apache binary with up to date
versions, but I'd like to find out from the list if you have had this
problem before, and if you know why it is caused.

Kenny Smith

Re: $ENV{'REMOTE_USER'} getting clobbered?

Posted by Daniel Jacobowitz <dm...@andrew.cmu.edu>.

On Wed, Nov 28, 2001 at 04:31:07PM -0800, Kenny Smith wrote:
> Hello,
> 
> I'm using mod_perl as a replacement for CGI. We are getting strange behavior
> where $ENV{'REMOTE_USER'} isn't being set correctly.
> 
> The script is protected by an .htaccess type of authentication, so when I
> log in as 'kenny', $ENV{'REMOTE_USER'} should be equal to 'kenny'. However,
> every once in awhile, $ENV{'REMOTE_USER'} will be equal to someone else's
> login name, even though I'm still logged in as 'kenny' when I execute the
> script.  Does that make sense?
> 
> This system was working fine for 2 months or more, but recently the number
> of users and the load on the machine has increased, and we have started
> seeing the problem.
> 
> My theory is that %ENV is shared between requests and user 'bob' is
> executing the script in the middle of my execution and $ENV{'REMOTE_USER'}
> is getting overwritten in my execution with 'bob'. I believe the script is
> taking longer to execute due to the load time which increases the window of
> opportunity for REMOTE_USER to be clobbered.
> 
> Software involved:
> 
> apache 1.3.12
> mod_perl 1.24
> solaris 5.7
> perl 5.005_03

I believe that we fixed an environment corruption bug (at least for the
DSO case, possibly static) sometime right after 1.24 was released.

-- 
Daniel Jacobowitz                           Carnegie Mellon University
MontaVista Software                         Debian GNU/Linux Developer