You are viewing a plain text version of this content. The canonical link for it is here.
Posted to modperl@perl.apache.org by Jamie Krasnoo <jk...@socal.rr.com> on 2001/04/25 04:28:07 UTC
Tracking down taint problems
I recently got this error:
Insecure dependency in eval while running with -T switch.
Callback called exit.
Now, yes that tells me that something is wrong. What it doesn't tell me is
where the problem is except for the fact that its somewhere in the current
module that's being run. Is there a way that I could get mod_perl to fess up
where the problem is?
Jamie Krasnoo
jkrasnoo@socal.rr.com
RE: Tracking down taint problems
Posted by Doug MacEachern <do...@covalent.net>.
On Thu, 14 Jun 2001, Rob Bloodgood wrote:
> Seriously, tho, do you think you could come up with a short list of
> definitions for those macros? I was pretty excited to see them, once,
> except that I couldn't make them work. <sigh> Even a comment w/ a usage:
>
> AvFILL(<address>)
most of them (the C macros) are documented in Perl's perlapi.pod
the gdb macros are just the cpp expanded versions of the C macros, not
including some of the homebrewed ones like curinfo.
RE: Tracking down taint problems
Posted by Rob Bloodgood <ro...@empire2.com>.
> if you can reproduce at will, use gdb:
> % gdb httpd
> (gdb) source mod_perl-x.xx/.gdbinit
> (gdb) b Perl_croak
> (gdb) run -X
> .... run request that causes error ...
> (gdb) where
> .... stack printed here ...
> (gdb) curinfo
> .... perl filename:linenumber printed here ...
OOOOOOOOOOOOOOOHHHHHHHHHHHHHHHHHH!!!!
Seriously, tho, do you think you could come up with a short list of
definitions for those macros? I was pretty excited to see them, once,
except that I couldn't make them work. <sigh> Even a comment w/ a usage:
AvFILL(<address>)
just to see what to feed the macro from gdb space?
Not like you have anything ELSE to do... (JUST KIDDING I can tell you've
been writing email *all day* by the posts that keep trickling into the
list).
L8r,
Rob
Re: Tracking down taint problems
Posted by Doug MacEachern <do...@covalent.net>.
On Tue, 24 Apr 2001, Jamie Krasnoo wrote:
> I recently got this error:
>
> Insecure dependency in eval while running with -T switch.
> Callback called exit.
>
> Now, yes that tells me that something is wrong. What it doesn't tell me is
> where the problem is except for the fact that its somewhere in the current
> module that's being run. Is there a way that I could get mod_perl to fess up
> where the problem is?
if you can reproduce at will, use gdb:
% gdb httpd
(gdb) source mod_perl-x.xx/.gdbinit
(gdb) b Perl_croak
(gdb) run -X
... run request that causes error ...
(gdb) where
... stack printed here ...
(gdb) curinfo
... perl filename:linenumber printed here ...
Re: Tracking down taint problems
Posted by Stas Bekman <st...@stason.org>.
On Tue, 24 Apr 2001, Jamie Krasnoo wrote:
> I recently got this error:
>
> Insecure dependency in eval while running with -T switch.
> Callback called exit.
>
> Now, yes that tells me that something is wrong. What it doesn't tell me is
> where the problem is except for the fact that its somewhere in the current
> module that's being run. Is there a way that I could get mod_perl to fess up
> where the problem is?
You could try to use Carp with $SIG{__(DIE|WARN)__}. But mainly read the
perlsec manpage. Also see:
http://perl.apache.org/guide/perl.html#Exception_Handling_for_mod_perl
regarding the catching of exceptions.
_____________________________________________________________________
Stas Bekman JAm_pH -- Just Another mod_perl Hacker
http://stason.org/ mod_perl Guide http://perl.apache.org/guide
mailto:stas@stason.org http://apachetoday.com http://eXtropia.com/
http://singlesheaven.com http://perl.apache.org http://perlmonth.com/