Posted to modperl@perl.apache.org by Alex Algard <al...@sounddomain.com> on 2000/07/27 05:24:16 UTC

follow-up: very strange bug w/ tainting

More strange stuff, but at least I've narrowed down the problem somewhat...

When we execute the test script "crashme.pl" below, it doesn't work under
certain conditions. After we have executed another script with mod_perl
(which crashes b/c it tries to read from a non-existent database table using
DBI), subsequent calls to crashme.pl result in occasional errors with the
following message (the error takes place on about 30% of the subsequent
tries):

[error] Insecure dependency in require while running with -T switch at
/www/chat/crashme.pl line 2.
BEGIN failed--compilation aborted at /www/chat/crashme.pl line 2.

On the other hand, if we restart Apache, this occasional error doesn't take
place until we run the bad DBI script again. Also if we comment out the "use
Test;" line, we never see an error under any circumstances. FYI, Test.pm is
just an empty file, so it certainly shouldn't cause any harm.

Regardless of what exactly the bad DBI script does, my question is how could
something like this possibly happen?

Thanks!


(again, we're using mod_perl 1.24 with Registry and Apache 1.3.12 on Linux
2.2.14, and of course "PerlTaintCheck On" )


#!/usr/bin/perl
# name: crashme.pl
use Test;
print qq[<HTML><BODY>Come on you dummy... crash me! Try
harder!</BODY></HTML>];


package Test;
#do nothing but crash any other script that uses me (under special circumstances)
1;

________________________
Alex Algard
algard@sounddomain.com



Re: follow-up: very strange bug w/ tainting

Posted by martin langhoff <ma...@scim.net>.
Alex, 

	did you try this with apache in single process mode (I think it's httpd
-X)? Your 30% failure rate seems to mean that after you execute the
DBI script you only get the same process about 30% of the time.

martin

Re: follow-up: very strange bug w/ tainting

Posted by "G.W. Haywood" <ge...@www.jubileegroup.co.uk>.
Hi there,

On Wed, 26 Jul 2000, Alex Algard wrote:

> More strange stuff [snip] FYI, Test.pm is just an empty file, so it
> certainly shouldn't cause any harm.

A couple of months ago I had a problem where a *very* simple script
would crash Apache 1.3.12/modperl 1.24 no matter what I did.  In the
end I *renamed* it and the problem went away.  Until I renamed it, the
script was called...

Test.pm
 
73,
Ged.