
FW: Localizing %SIG in Safe.pm 2.{35,36,37} crashes POE::Wheel::Run ...


Markus Jansen

Jul 16, 2013, 12:00:41 PM
to r...@consttype.org, p...@perl.org, Markus Jansen
Hi,

FYI ... hope none of you wastes time with this really nasty trap ...

Best regards,
Markus

-----Original Message-----
From: Markus Jansen
Sent: Tuesday, July 16, 2013 5:57 PM
To: per...@perl.org
Cc: Markus Jansen
Subject: Localizing %SIG in Safe.pm 2.{35,36,37} crashes POE::Wheel::Run ...


This is a bug report for perl from markus...@ericsson.com, generated with the help of perlbug 1.39 running under perl 5.18.0.


-----------------------------------------------------------------
[Please describe your issue here]

Dear Perl5 Porters,

Localizing %SIG in Safe.pm 2.35 (on CPAN, 2.{35,36,37} in Perl core) may be a great step for security, but it unfortunately spoils POE::Wheel::Run (basically POE and all other asynchronous frameworks dealing with external processes).

The symptom experienced is that your application might sooner or later crash (reliably when using POE::Component::Resolver upon exiting a Sidecar subprocess) with the following famous last words:

Signal SIGCHLD received, but no signal handler set.

Please consider a version (also on CPAN) of Safe.pm which has e.g. the localization of %SIG as a switchable feature.

Best regards,
Markus



[Please do not change anything below this line]
-----------------------------------------------------------------
---
Flags:
category=library
severity=critical
module=Safe
---
Site configuration information for perl 5.18.0:

Configured by ericsson at Fri Jul 12 19:17:48 CEST 2013.

Summary of my perl5 (revision 5 version 18 subversion 0) configuration:

Platform:
osname=linux, osvers=2.6.16.60-0.42.10-smp, archname=x86_64-linux-thread-multi
uname='linux sekix562 2.6.16.60-0.42.10-smp #1 smp tue apr 27 05:11:27 utc 2010 x86_64 x86_64 x86_64 gnulinux '
hint=recommended, useposix=true, d_sigaction=define
useithreads=define, usemultiplicity=define
useperlio=define, d_sfio=undef, uselargefiles=define, usesocks=undef
use64bitint=define, use64bitall=define, uselongdouble=undef
usemymalloc=n, bincompat5005=undef
Compiler:
cc='gcc', ccflags ='-D_REENTRANT -D_GNU_SOURCE -O2 -D_REENTRANT -D_GNU_SOURCE -DTHREADS_HAVE_PIDS -pthread -DPERL_IMPLICIT_CONTEXT -DPERL_USE_SAFE_PUTENV -m64 -pipe -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -fPIC -fno-strict-aliasing -fstack-protector -I/vobs/cc/CCA-perl01/perl5_Linux_x64__________sixtyfive_char_path/plib/include -I/vobs/cc/CCA-perl01/perl5_Linux_x64__________sixtyfive_char_path/plib/apache/include -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64',
optimize='-O3',
cppflags='-D_REENTRANT -D_GNU_SOURCE -O2 -D_REENTRANT -D_GNU_SOURCE -DTHREADS_HAVE_PIDS -pthread -DPERL_IMPLICIT_CONTEXT -DPERL_USE_SAFE_PUTENV -m64 -pipe -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -fPIC -fno-strict-aliasing -fstack-protector -I/vobs/cc/CCA-perl01/perl5_Linux_x64__________sixtyfive_char_path/plib/include -I/vobs/cc/CCA-perl01/perl5_Linux_x64__________sixtyfive_char_path/plib/apache/include'
ccversion='', gccversion='4.1.2 20070115 (SUSE Linux)', gccosandvers=''
intsize=4, longsize=8, ptrsize=8, doublesize=8, byteorder=12345678
d_longlong=define, longlongsize=8, d_longdbl=define, longdblsize=16
ivtype='long', ivsize=8, nvtype='double', nvsize=8, Off_t='off_t', lseeksize=8
alignbytes=8, prototype=define
Linker and Libraries:
ld='gcc', ldflags ='-lpthread -Wl,-L/vobs/cc/CCA-perl01/perl5_Linux_x64__________sixtyfive_char_path/prod/lib/5.18.0/x86_64-linux-thread-multi/CORE -Wl,-rpath,/vobs/cc/CCA-perl01/perl5_Linux_x64__________sixtyfive_char_path/prod/lib/5.18.0/x86_64-linux-thread-multi/CORE -Wl,-L/vobs/cc/CCA-perl01/perl5_Linux_x64__________sixtyfive_char_path/plib/lib -Wl,-rpath,/vobs/cc/CCA-perl01/perl5_Linux_x64__________sixtyfive_char_path/plib/lib -Wl,-L/vobs/cc/CCA-perl01/perl5_Linux_x64__________sixtyfive_char_path/plib/apache/lib -Wl,-rpath,/vobs/cc/CCA-perl01/perl5_Linux_x64__________sixtyfive_char_path/plib/apache/lib -Wl,--enable-new-dtags -fstack-protector'
libpth=/vobs/cc/CCA-perl01/perl5_Linux_x64__________sixtyfive_char_path/plib/lib /vobs/cc/CCA-perl01/perl5_Linux_x64__________sixtyfive_char_path/plib/apache/lib /lib/../lib64 /usr/lib/../lib64 /lib /usr/lib /usr/local/lib /lib64 /usr/lib64 /usr/local/lib64
libs=-lnsl -ldl -lm -lcrypt -lpthread -lc
perllibs=-lnsl -ldl -lm -lcrypt -lpthread -lc
libc=/lib/libc-2.4.so, so=so, useshrplib=true, libperl=libcmacperl.so
gnulibc_version='2.4'
Dynamic Linking:
dlsrc=dl_dlopen.xs, dlext=so, d_dlsymun=undef, ccdlflags='-Bdynamic -Wl,-L/vobs/cc/CCA-perl01/perl5_Linux_x64__________sixtyfive_char_path/prod/lib/5.18.0/x86_64-linux-thread-multi/CORE -Wl,-rpath,/vobs/cc/CCA-perl01/perl5_Linux_x64__________sixtyfive_char_path/prod/lib/5.18.0/x86_64-linux-thread-multi/CORE -Wl,-L/vobs/cc/CCA-perl01/perl5_Linux_x64__________sixtyfive_char_path/plib/lib -Wl,-rpath,/vobs/cc/CCA-perl01/perl5_Linux_x64__________sixtyfive_char_path/plib/lib -Wl,-L/vobs/cc/CCA-perl01/perl5_Linux_x64__________sixtyfive_char_path/plib/apache/lib -Wl,-rpath,/vobs/cc/CCA-perl01/perl5_Linux_x64__________sixtyfive_char_path/plib/apache/lib'
cccdlflags='-fPIC', lddlflags='-shared -lpthread -Wl,-L/vobs/cc/CCA-perl01/perl5_Linux_x64__________sixtyfive_char_path/prod/lib/5.18.0/x86_64-linux-thread-multi/CORE -Wl,-rpath,/vobs/cc/CCA-perl01/perl5_Linux_x64__________sixtyfive_char_path/prod/lib/5.18.0/x86_64-linux-thread-multi/CORE -Wl,-L/vobs/cc/CCA-perl01/perl5_Linux_x64__________sixtyfive_char_path/plib/lib -Wl,-rpath,/vobs/cc/CCA-perl01/perl5_Linux_x64__________sixtyfive_char_path/plib/lib -Wl,-L/vobs/cc/CCA-perl01/perl5_Linux_x64__________sixtyfive_char_path/plib/apache/lib -Wl,-rpath,/vobs/cc/CCA-perl01/perl5_Linux_x64__________sixtyfive_char_path/plib/apache/lib -Wl,--enable-new-dtags -fstack-protector'

Locally applied patches:


---
@INC for perl 5.18.0:
/vobs/cc/CCA-perl01/perl5_Linux_x64__________sixtyfive_char_path/prod/lib/site_perl/5.18.0/x86_64-linux-thread-multi
/vobs/cc/CCA-perl01/perl5_Linux_x64__________sixtyfive_char_path/prod/lib/site_perl/5.18.0
/vobs/cc/CCA-perl01/perl5_Linux_x64__________sixtyfive_char_path/prod/lib/5.18.0/x86_64-linux-thread-multi
/vobs/cc/CCA-perl01/perl5_Linux_x64__________sixtyfive_char_path/prod/lib/5.18.0
.

---
Environment for perl 5.18.0:
HOME=/home/eedmja
LANG=en_US.UTF-8
LANGUAGE (unset)
LD_LIBRARY_PATH (unset)
LOGDIR (unset)
PATH=/tmp/_cc_CCA-perl01/perl5_Linux_x64__________sixtyfive_char_path/prod/bin:/tmp/_cc_CCA-perl01/perl5_Linux_x64__________sixtyfive_char_path/plib/bin:/bin:/usr/bin:/sbin:/usr/sbin:/opt/gnome/bin:/opt/kde3/bin:/usr/bin/X11:/home/eedmja/bin:/opt/rational/clearcase/bin
PERL_BADLANG (unset)
SHELL=/bin/tcsh

Markus Jansen

Jul 16, 2013, 12:51:32 PM
to Rocco Caputo, r...@consttype.org, p...@perl.org
Hi Rocco,

I'll revert to Safe 2.32 or 2.33 - the code change between 2.33[_01] and 2.35 is minimal,
as you see from the diff below. The "local *SIG;" statement is the one and only that bites ...

Cheers,
Markus

[6:48pm] [perl-git/dist/Safe] -> git diff 5df103ab ac4ec33e -- Safe.pm
diff --git a/dist/Safe/Safe.pm b/dist/Safe/Safe.pm
index 865a9dc..f00853e 100644
--- a/dist/Safe/Safe.pm
+++ b/dist/Safe/Safe.pm
@@ -3,7 +3,7 @@ package Safe;
use 5.003_11;
use Scalar::Util qw(reftype refaddr);

-$Safe::VERSION = "2.33_01";
+$Safe::VERSION = "2.35";

# *** Don't declare any lexicals above this point ***
#
@@ -21,7 +21,7 @@ sub lexless_anon_sub {
# Uses a closure (on $__ExPr__) to pass in the code to be executed.
# (eval on one line to keep line numbers as expected by caller)
eval sprintf
- 'package %s; %s sub { @_=(); eval q[my $__ExPr__;] . $__ExPr__; }',
+ 'package %s; %s sub { @_=(); eval q[local *SIG; my $__ExPr__;] . $__ExPr__; }',
$_[0], $_[1] ? 'use strict;' : '';
}

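Review bot: the new `local *SIG;` at the start of the generated string eval localizes the whole `SIG` typeglob (scalar, array, hash, code and IO slots), not just `%SIG`, and it stays in effect for the entire run of the compartment's code, so any handler the host application installed (POE's `$SIG{CHLD}`, for example) is out of reach while untrusted code runs; a signal that lands in that window is exactly the "Signal SIGCHLD received, but no signal handler set." failure reported in this thread. Since this is the one behavioural change in the release, add a comment on that line explaining the %SIG/eval escape it closes, and a Changes/POD entry stating that signal handlers are suspended during reval/rdo so callers can arrange for signal-dependent work accordingly.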
@@ -355,6 +355,8 @@ sub _clean_stash {

sub reval {
my ($obj, $expr, $strict) = @_;
+ die "Bad Safe object" unless $obj->isa('Safe');
+
my $root = $obj->{Root};

my $evalsub = lexless_anon_sub($root, $strict, $expr);
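Review bot: `die "Bad Safe object" unless $obj->isa('Safe');` only produces that message for an object of some other class; when `$obj` is an unblessed reference or undef, Perl dies first with its own "Can't call method "isa" ..." error, so the guard does not cover the most likely misuse. Use `blessed($obj) && $obj->isa('Safe')` and extend the existing `use Scalar::Util qw(reftype refaddr);` import with `blessed`, so every bad argument yields the one consistent error.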
@@ -405,6 +407,7 @@ sub _find_code_refs {

sub wrap_code_ref {
my ($obj, $sub) = @_;
+ die "Bad safe object" unless $obj->isa('Safe');

# wrap code ref $sub with _safe_call_sv so that, when called, the
# execution will happen with the compartment fully 'in effect'.
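Review bot: the message here reads "Bad safe object" while the `reval` hunk says "Bad Safe object"; make the two identical so callers can match a single string. The same `blessed` gap as in `reval` applies to this `isa` call, and unlike the other insertions this one is not followed by a blank line, which makes the three guards look different when they are meant to be the same check.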
@@ -440,6 +443,8 @@ sub wrap_code_ref {

sub rdo {
my ($obj, $file) = @_;
+ die "Bad Safe object" unless $obj->isa('Safe');
+
my $root = $obj->{Root};

my $sg = sub_generation();
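Review bot: this is the third copy of the same `die ... unless $obj->isa('Safe')` line in one patch (`reval`, `wrap_code_ref`, `rdo`); factor it into one small private helper (e.g. a hypothetical `_check_obj($obj)`) so the `blessed` handling and the error text are maintained in a single place rather than drifting apart as they already have between the two messages.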

-----Original Message-----
From: Rocco Caputo [mailto:rca...@pobox.com]
Sent: Tuesday, July 16, 2013 6:40 PM
To: Markus Jansen
Cc: r...@consttype.org; p...@perl.org
Subject: Re: Localizing %SIG in Safe.pm 2.{35,36,37} crashes POE::Wheel::Run ...

Thank you for the alert. Is there any reasonable way to work around this?

--
Rocco Caputo <rca...@pobox.com>

Markus Jansen

Jul 17, 2013, 3:40:43 AM
to Rafael Garcia-Suarez, perl5-...@perl.org, p...@perl.org
Hi Rafael,

I agree the signal code in Safe should stay ... however, on both 5.18.0 (Linux) and 5.10.1 (Solaris SPARC) I have found
that the "local %SIG;" code snippet obviously leads to non-execution of the registered signal subroutines,
and instead to Perl bailing out.
For which Perl versions do you think stashing %SIG away should work?

Without understanding the details, I can just guess that the CHILD signal hits the process while just performing a Safe::reval ...

Best regards,
Markus

-----Original Message-----
From: rgarci...@gmail.com [mailto:rgarci...@gmail.com] On Behalf Of Rafael Garcia-Suarez
Sent: Wednesday, July 17, 2013 9:31 AM
To: Markus Jansen; perl5-...@perl.org
Cc: p...@perl.org
Subject: Re: FW: Localizing %SIG in Safe.pm 2.{35,36,37} crashes POE::Wheel::Run ...

Hi all,
Breaking out a Safe compartment is all about compiling code that will be executed later. It happens that there are working exploits that use a combination of %SIG and eval inside the safe-evaled block to execute such compilations; then arbitrary commands can be run on any signal received by the process that compiled the safe compartment.

(I repeat it again -- without this fix it's possible to make perl execute `rm -fr /` through code passed to Safe. So the fix stays.)

The fix I put in Safe was to simply wipe out %SIG in the Safe compartment. In theory that should not have been necessary, since %SIG is not shared between %main:: and the Safe root stash, but that's apparently not how the perl internals work; so, to have a fix back-portable to older perls, I did not find any other way. If someone wants to investigate, I'll be happy to provide details...

Also I'd like to understand why you need to set signal handlers in a Safe compartment. As far as I can tell this has only ever worked by accident.

Rocco Caputo

Jul 16, 2013, 12:40:13 PM
to Markus Jansen, r...@consttype.org, p...@perl.org
Thank you for the alert. Is there any reasonable way to work around this?

--
Rocco Caputo <rca...@pobox.com>
