[mp2] smoke failure in t/apr/perlio.t

[Stas Bekman <st...@stason.org>]

t/SMOKE has revealed a problem with the following run:

t/TEST -v -maxclients 1 t/apache/read.t t/hooks/authz.t t/modperl/pnotes.t 
t/error/runtime.t t/apr/perlio.t

The error is:

[Fri Nov 05 19:44:51 2004] [error] [client 127.0.0.1] Insecure dependency 
in open while running setgid at 
/home/stas/apache.org/mp2-cvs/t/response/TestAPR/perlio.pm line 55.

The nasty things that we have seen before, which happens after 
Perl_croak() in t/error/runtime.t. Not sure why 3 more tests needed before 
to get this reproduced.

What is it that perlsec wants to make perl happy? (I think it's a bug in 
perl.)

-- 
__________________________________________________________________
Stas Bekman            JAm_pH ------> Just Another mod_perl Hacker
http://stason.org/     mod_perl Guide ---> http://perl.apache.org
mailto:stas@stason.org http://use.perl.org http://apacheweek.com
http://modperlbook.org http://apache.org   http://ticketmaster.com

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@perl.apache.org
For additional commands, e-mail: dev-help@perl.apache.org

Re: [mp2] smoke failure in t/apr/perlio.t

[Stas Bekman <st...@stason.org>]

Stas Bekman wrote:
> Stas Bekman wrote:
> 
>> t/SMOKE has revealed a problem with the following run:
>>
>> t/TEST -v -maxclients 1 t/apache/read.t t/hooks/authz.t 
>> t/modperl/pnotes.t t/error/runtime.t t/apr/perlio.t
>>
>> The error is:
>>
>> [Fri Nov 05 19:44:51 2004] [error] [client 127.0.0.1] Insecure 
>> dependency in open while running setgid at 
>> /home/stas/apache.org/mp2-cvs/t/response/TestAPR/perlio.pm line 55.
>>
>> The nasty things that we have seen before, which happens after 
>> Perl_croak() in t/error/runtime.t. Not sure why 3 more tests needed 
>> before to get this reproduced.
>>
>> What is it that perlsec wants to make perl happy? (I think it's a bug 
>> in perl.)
> 
> 
> it's still there, another sequence found with t/SMOKE with worker.
> 
> t/TEST t/protocol/echo_bbs2.t t/apr/flatten.t 
> t/filter/out_str_subreq_default.t t/error/runtime.t t/apr/perlio.t

both fixed in r122973:

replace the added in 1.99_17 code on resetting/restoring PL_tainted,
with explicit reset before and after each each callback. This solves a
complicated tainting issues caused when perl exception object is
thrown. rgs suggested that it should be safe, similar to perl's own
pp_nextstate which says: /* Each statement is presumed innocent */
[Stas]

-- 
__________________________________________________________________
Stas Bekman            JAm_pH ------> Just Another mod_perl Hacker
http://stason.org/     mod_perl Guide ---> http://perl.apache.org
mailto:stas@stason.org http://use.perl.org http://apacheweek.com
http://modperlbook.org http://apache.org   http://ticketmaster.com

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@perl.apache.org
For additional commands, e-mail: dev-help@perl.apache.org

Re: [mp2] smoke failure in t/apr/perlio.t

[Stas Bekman <st...@stason.org>]

Stas Bekman wrote:
> t/SMOKE has revealed a problem with the following run:
> 
> t/TEST -v -maxclients 1 t/apache/read.t t/hooks/authz.t 
> t/modperl/pnotes.t t/error/runtime.t t/apr/perlio.t
> 
> The error is:
> 
> [Fri Nov 05 19:44:51 2004] [error] [client 127.0.0.1] Insecure 
> dependency in open while running setgid at 
> /home/stas/apache.org/mp2-cvs/t/response/TestAPR/perlio.pm line 55.
> 
> The nasty things that we have seen before, which happens after 
> Perl_croak() in t/error/runtime.t. Not sure why 3 more tests needed 
> before to get this reproduced.
> 
> What is it that perlsec wants to make perl happy? (I think it's a bug in 
> perl.)

it's still there, another sequence found with t/SMOKE with worker.

t/TEST t/protocol/echo_bbs2.t t/apr/flatten.t 
t/filter/out_str_subreq_default.t t/error/runtime.t t/apr/perlio.t

-- 
__________________________________________________________________
Stas Bekman            JAm_pH ------> Just Another mod_perl Hacker
http://stason.org/     mod_perl Guide ---> http://perl.apache.org
mailto:stas@stason.org http://use.perl.org http://apacheweek.com
http://modperlbook.org http://apache.org   http://ticketmaster.com

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@perl.apache.org
For additional commands, e-mail: dev-help@perl.apache.org