Login | Register For Free | Help
Search for: (Advanced)

Mailing List Archive: ModPerl: ModPerl

Bug report: ModPerl 2.0.2 make test "Insecure directory under -T"

  

 
ModPerl modperl RSS feed   Index | Next | Previous | View Threaded


john.kent at nrlmry

Dec 22, 2005, 9:33 AM

Post #1 of 5 (2792 views)
Permalink
Bug report: ModPerl 2.0.2 make test "Insecure directory under -T"
Here is mybugreport:

-------------8<---------- Start Bug Report ------------8<----------
1. Problem Description:

[DESCRIBE THE PROBLEM HERE]

When running >make test
Get the following errror
[Thu Dec 22 09:28:15 2005] [info] base server + 27 vhosts ready to run tests
[Thu Dec 22 09:28:16 2005] [error] Insecure directory in $ENV{PATH} while running with -T switch at /users/webuser/src/mod_perl-2.0.2/Apache-Test/lib/Apache/TestConfig.pm line 1076.\nCompilation failed in require at /users/webuser/src/mod_perl-2.0.2/t/conf/modperl_startup.pl line 17.\n\t...propagated at /users/webuser/src/mod_perl-2.0.2/t/conf/modperl_startup.pl line 18.\nBEGIN failed--compilation aborted at /users/webuser/src/mod_perl-2.0.2/t/conf/modperl_startup.pl line 20.\nCompilation failed in require at (eval 2) line 1.\n
[Thu Dec 22 09:28:16 2005] [error] Can't load Perl file: /users/webuser/src/mod_perl-2.0.2/t/conf/modperl_startup.pl for server localhost.localdomain:8529, exiting...
[ error]
server has died with status 255 (t/logs/error_log wasn't created, start the server in the debug mode)
sh: line 1: 11737 Terminated /users/webuser/perl.5.8.7/bin/perl /users/webuser/src/mod_perl-2.0.2/t/TEST -bugreport -verbose=0
make: *** [run_tests] Error 143

2. Used Components and their Configuration:

*** mod_perl version 2.000002

*** using /users/webuser/src/mod_perl-2.0.2/lib/Apache2/BuildConfig.pm

*** Makefile.PL options:
MP_APR_LIB => aprext
MP_APXS => /users/webuser/apache_heavy/bin/apxs
MP_COMPAT_1X => 1
MP_GENERATE_XS => 1
MP_LIBNAME => mod_perl
MP_USE_DSO => 1


*** /users/webuser/apache_heavy/bin/httpd -V
Server version: Apache/2.2.0
Server built: Dec 22 2005 09:03:53
Server's Module Magic Number: 20051115:0
Architecture: 32-bit
Server MPM: Prefork
threaded: no
forked: yes (variable process count)
Server compiled with....
-D APACHE_MPM_DIR="server/mpm/prefork"
-D APR_HAS_SENDFILE
-D APR_HAS_MMAP
-D APR_HAVE_IPV6 (IPv4-mapped addresses enabled)
-D APR_USE_SYSVSEM_SERIALIZE
-D APR_USE_PTHREAD_SERIALIZE
-D SINGLE_LISTEN_UNSERIALIZED_ACCEPT
-D APR_HAS_OTHER_CHILD
-D AP_HAVE_RELIABLE_PIPED_LOGS
-D DYNAMIC_MODULE_LIMIT=128
-D HTTPD_ROOT="/users/webuser/apache_heavy"
-D SUEXEC_BIN="/users/webuser/apache_heavy/bin/suexec"
-D DEFAULT_PIDLOG="logs/httpd.pid"
-D DEFAULT_SCOREBOARD="logs/apache_runtime_status"
-D DEFAULT_LOCKFILE="logs/accept.lock"
-D DEFAULT_ERRORLOG="logs/error_log"
-D AP_TYPES_CONFIG_FILE="conf/mime.types"
-D SERVER_CONFIG_FILE="conf/httpd.conf"

*** /usr/bin/ldd /users/webuser/apache_heavy/bin/httpd
libm.so.6 => /lib/tls/libm.so.6 (0x0036f000)
libaprutil-1.so.0 => /users/webuser/apache_heavy/lib/libaprutil-1.so.0 (0x40009000)
libgdbm.so.2 => /usr/lib/libgdbm.so.2 (0x4001e000)
libdb-4.2.so => /lib/tls/i686/libdb-4.2.so (0x003ba000)
libexpat.so.0 => /usr/lib/libexpat.so.0 (0x0093a000)
libapr-1.so.0 => /users/webuser/apache_heavy/lib/libapr-1.so.0 (0x40024000)
libuuid.so.1 => /lib/libuuid.so.1 (0x40044000)
librt.so.1 => /lib/tls/librt.so.1 (0x008c7000)
libcrypt.so.1 => /lib/libcrypt.so.1 (0x40048000)
libpthread.so.0 => /lib/tls/libpthread.so.0 (0x003a6000)
libdl.so.2 => /lib/libdl.so.2 (0x00369000)
libc.so.6 => /lib/tls/libc.so.6 (0x0023d000)
/lib/ld-linux.so.2 (0x00224000)


*** (apr|apu)-config linking info

-L/users/webuser/apache_heavy/lib -laprutil-1 -lgdbm -ldb-4.2 -lexpat
-L/users/webuser/apache_heavy/lib -lapr-1 -luuid -lrt -lcrypt -lpthread -ldl



*** /users/webuser/perl.5.8.7/bin/perl -V
Summary of my perl5 (revision 5 version 8 subversion 7) configuration:
Platform:
osname=linux, osvers=2.6.9-22.0.1.elsmp, archname=i686-linux
uname='linux web1 2.6.9-22.0.1.elsmp #1 smp tue oct 18 18:39:27 edt 2005 i686 i686 i386 gnulinux '
config_args='-Dcc=gcc -Dprefix=/users/webuser/perl.5.8.7'
hint=recommended, useposix=true, d_sigaction=define
usethreads=undef use5005threads=undef useithreads=undef usemultiplicity=undef
useperlio=define d_sfio=undef uselargefiles=define usesocks=undef
use64bitint=undef use64bitall=undef uselongdouble=undef
usemymalloc=n, bincompat5005=undef
Compiler:
cc='gcc', ccflags ='-fno-strict-aliasing -pipe -I/usr/local/include -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -I/usr/include/gdbm',
optimize='-O2',
cppflags='-fno-strict-aliasing -pipe -I/usr/local/include -I/usr/include/gdbm'
ccversion='', gccversion='3.4.4 20050721 (Red Hat 3.4.4-2)', gccosandvers=''
intsize=4, longsize=4, ptrsize=4, doublesize=8, byteorder=1234
d_longlong=define, longlongsize=8, d_longdbl=define, longdblsize=12
ivtype='long', ivsize=4, nvtype='double', nvsize=8, Off_t='off_t', lseeksize=8
alignbytes=4, prototype=define
Linker and Libraries:
ld='gcc', ldflags =' -L/usr/local/lib'
libpth=/usr/local/lib /lib /usr/lib
libs=-lnsl -lgdbm -ldb -ldl -lm -lcrypt -lutil -lc
perllibs=-lnsl -ldl -lm -lcrypt -lutil -lc
libc=/lib/libc-2.3.4.so, so=so, useshrplib=false, libperl=libperl.a
gnulibc_version='2.3.4'
Dynamic Linking:
dlsrc=dl_dlopen.xs, dlext=so, d_dlsymun=undef, ccdlflags='-Wl,-E'
cccdlflags='-fpic', lddlflags='-shared -L/usr/local/lib'

*** /users/webuser/perl.5.8.7/bin/perl -V
Summary of my perl5 (revision 5 version 8 subversion 7) configuration:
Platform:
osname=linux, osvers=2.6.9-22.0.1.elsmp, archname=i686-linux
uname='linux web1 2.6.9-22.0.1.elsmp #1 smp tue oct 18 18:39:27 edt 2005 i686 i686 i386 gnulinux '
config_args='-Dcc=gcc -Dprefix=/users/webuser/perl.5.8.7'
hint=recommended, useposix=true, d_sigaction=define
usethreads=undef use5005threads=undef useithreads=undef usemultiplicity=undef
useperlio=define d_sfio=undef uselargefiles=define usesocks=undef
use64bitint=undef use64bitall=undef uselongdouble=undef
usemymalloc=n, bincompat5005=undef
Compiler:
cc='gcc', ccflags ='-fno-strict-aliasing -pipe -I/usr/local/include -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -I/usr/include/gdbm',
optimize='-O2',
cppflags='-fno-strict-aliasing -pipe -I/usr/local/include -I/usr/include/gdbm'
ccversion='', gccversion='3.4.4 20050721 (Red Hat 3.4.4-2)', gccosandvers=''
intsize=4, longsize=4, ptrsize=4, doublesize=8, byteorder=1234
d_longlong=define, longlongsize=8, d_longdbl=define, longdblsize=12
ivtype='long', ivsize=4, nvtype='double', nvsize=8, Off_t='off_t', lseeksize=8
alignbytes=4, prototype=define
Linker and Libraries:
ld='gcc', ldflags =' -L/usr/local/lib'
libpth=/usr/local/lib /lib /usr/lib
libs=-lnsl -lgdbm -ldb -ldl -lm -lcrypt -lutil -lc
perllibs=-lnsl -ldl -lm -lcrypt -lutil -lc
libc=/lib/libc-2.3.4.so, so=so, useshrplib=false, libperl=libperl.a
gnulibc_version='2.3.4'
Dynamic Linking:
dlsrc=dl_dlopen.xs, dlext=so, d_dlsymun=undef, ccdlflags='-Wl,-E'
cccdlflags='-fpic', lddlflags='-shared -L/usr/local/lib'


Characteristics of this binary (from libperl):
Compile-time options: USE_LARGE_FILES
Built under linux
Compiled at Nov 16 2005 09:15:07
%ENV:
PERL_LWP_USE_HTTP_10="1"

John Kent


stas at stason

Dec 22, 2005, 3:03 PM

Post #2 of 5 (2646 views)
Permalink
Re: Bug report: ModPerl 2.0.2 make test "Insecure directory under -T" [In reply to]
Kent, Mr. John (Contractor) wrote:
> Here is mybugreport:
>
> -------------8<---------- Start Bug Report ------------8<----------
> 1. Problem Description:
>
> [DESCRIBE THE PROBLEM HERE]
>
> When running >make test
> Get the following errror
> [Thu Dec 22 09:28:15 2005] [info] base server + 27 vhosts ready to run tests
> [Thu Dec 22 09:28:16 2005] [error] Insecure directory in $ENV{PATH} while running with -T switch at /users/webuser/src/mod_perl-2.0.2/Apache-Test/lib/Apache/TestConfig.pm line 1076.\nCompilation failed in require at /users/webuser/src/mod_perl-2.0.2/t/conf/modperl_startup.pl line 17.\n\t...propagated at /users/webuser/src/mod_perl-2.0.2/t/conf/modperl_startup.pl line 18.\nBEGIN failed--compilation aborted at /users/webuser/src/mod_perl-2.0.2/t/conf/modperl_startup.pl line 20.\nCompilation failed in require at (eval 2) line 1.\n
> [Thu Dec 22 09:28:16 2005] [error] Can't load Perl file: /users/webuser/src/mod_perl-2.0.2/t/conf/modperl_startup.pl for server localhost.localdomain:8529, exiting...
> [ error]
> server has died with status 255 (t/logs/error_log wasn't created, start the server in the debug mode)
> sh: line 1: 11737 Terminated /users/webuser/perl.5.8.7/bin/perl /users/webuser/src/mod_perl-2.0.2/t/TEST -bugreport -verbose=0
> make: *** [run_tests] Error 143

Check your PATH env var, John.

perl -le 'print $ENV{PATH}'

does it contain "..", "." or similar?

--
_____________________________________________________________
Stas Bekman mailto:stas [at] stason http://stason.org/
MailChannels: Assured Messaging(TM) http://mailchannels.com/
The "Practical mod_perl" book http://modperlbook.org/
http://perl.apache.org/ http://perl.org/ http://logilune.com/


john.kent at nrlmry

Dec 23, 2005, 7:50 AM

Post #3 of 5 (2638 views)
Permalink
RE: Bug report: ModPerl 2.0.2 make test "Insecure directory under -T" [In reply to]
Hello Stas,

No, my path does not contain . or .. anywhere.
Here is what I get:

[webuser [at] arie ~]$ perl -le 'print $ENV{PATH}'
/users/webuser/perl/bin:/users/webuser/apache-ant/bin:users/webuser/netscape:/users/webuser/mysql/bin:/users/webuser/jdev/bin:/users/webuser/tomcat/bin:/users/webuser/jdk/bin:/users/webuser/ImageMagick/bin:/users/webuser/delegates/bin:/users/webuser/delegates/freestyle2/bin:/users/webuser/bin:/usr/kerberos/bin:/usr/local/bin:/bin:/usr/bin:/usr/X11R6/bin:/users/webuser/bin

HOWEVER, looking at how complicated the above was I simplified my PATH to

/users/webuser/perl/bin:/users/webuser/ImageMagick/bin:/users/webuser/delegates/bin:/users/webuser/delegates/freestyle2/bin:/usr/kerberos/bin:/usr/local/bin:/bin:/usr/bin:/usr/X11R6/bin:/users/webuser/bin

and the tests worked without problem.

Adding back directories revealed the problem was with :users/webuser/netscape
which did not exist.

Sorry for bothering you and the list.
Thank you for your reply which did result in solving the problem.

Happy Holidays!

John Kent
Webmaster
NRL Monterey

-----Original Message-----
From: Stas Bekman [mailto:stas [at] stason]
Sent: Thursday, December 22, 2005 3:04 PM
To: Kent, Mr. John (Contractor)
Cc: Mod-Perl (E-mail)
Subject: Re: Bug report: ModPerl 2.0.2 make test "Insecure directory
under -T"


Kent, Mr. John (Contractor) wrote:
> Here is mybugreport:
>
> -------------8<---------- Start Bug Report ------------8<----------
> 1. Problem Description:
>
> [DESCRIBE THE PROBLEM HERE]
>
> When running >make test
> Get the following errror
> [Thu Dec 22 09:28:15 2005] [info] base server + 27 vhosts ready to run tests
> [Thu Dec 22 09:28:16 2005] [error] Insecure directory in $ENV{PATH} while running with -T switch at /users/webuser/src/mod_perl-2.0.2/Apache-Test/lib/Apache/TestConfig.pm line 1076.\nCompilation failed in require at /users/webuser/src/mod_perl-2.0.2/t/conf/modperl_startup.pl line 17.\n\t...propagated at /users/webuser/src/mod_perl-2.0.2/t/conf/modperl_startup.pl line 18.\nBEGIN failed--compilation aborted at /users/webuser/src/mod_perl-2.0.2/t/conf/modperl_startup.pl line 20.\nCompilation failed in require at (eval 2) line 1.\n
> [Thu Dec 22 09:28:16 2005] [error] Can't load Perl file: /users/webuser/src/mod_perl-2.0.2/t/conf/modperl_startup.pl for server localhost.localdomain:8529, exiting...
> [ error]
> server has died with status 255 (t/logs/error_log wasn't created, start the server in the debug mode)
> sh: line 1: 11737 Terminated /users/webuser/perl.5.8.7/bin/perl /users/webuser/src/mod_perl-2.0.2/t/TEST -bugreport -verbose=0
> make: *** [run_tests] Error 143

Check your PATH env var, John.

perl -le 'print $ENV{PATH}'

does it contain "..", "." or similar?

--
_____________________________________________________________
Stas Bekman mailto:stas [at] stason http://stason.org/
MailChannels: Assured Messaging(TM) http://mailchannels.com/
The "Practical mod_perl" book http://modperlbook.org/
http://perl.apache.org/ http://perl.org/ http://logilune.com/


stas at stason

Dec 23, 2005, 11:42 AM

Post #4 of 5 (2639 views)
Permalink
Re: Bug report: ModPerl 2.0.2 make test "Insecure directory under -T" [In reply to]
Kent, Mr. John (Contractor) wrote:
> Hello Stas,
>
> No, my path does not contain . or .. anywhere.
> Here is what I get:
>
> [webuser [at] arie ~]$ perl -le 'print $ENV{PATH}'
> /users/webuser/perl/bin:/users/webuser/apache-ant/bin:users/webuser/netscape:/users/webuser/mysql/bin:/users/webuser/jdev/bin:/users/webuser/tomcat/bin:/users/webuser/jdk/bin:/users/webuser/ImageMagick/bin:/users/webuser/delegates/bin:/users/webuser/delegates/freestyle2/bin:/users/webuser/bin:/usr/kerberos/bin:/usr/local/bin:/bin:/usr/bin:/usr/X11R6/bin:/users/webuser/bin
>
> HOWEVER, looking at how complicated the above was I simplified my PATH to
>
> /users/webuser/perl/bin:/users/webuser/ImageMagick/bin:/users/webuser/delegates/bin:/users/webuser/delegates/freestyle2/bin:/usr/kerberos/bin:/usr/local/bin:/bin:/usr/bin:/usr/X11R6/bin:/users/webuser/bin
>
> and the tests worked without problem.
>
> Adding back directories revealed the problem was with :users/webuser/netscape
> which did not exist.

Ah, good catch! We were taking care of removing . and .., but weren't
aware that a relative path without . or .. is a problem too:

% perl -Tle '$ENV{PATH} = "foo/bar"; system("date")'
Insecure directory in $ENV{PATH} while running with -T switch at -e line 1.

I'll patch Apache-Test to handle that case as well.

> Sorry for bothering you and the list.
> Thank you for your reply which did result in solving the problem.
>
> Happy Holidays!

You too!



--
_____________________________________________________________
Stas Bekman mailto:stas [at] stason http://stason.org/
MailChannels: Assured Messaging(TM) http://mailchannels.com/
The "Practical mod_perl" book http://modperlbook.org/
http://perl.apache.org/ http://perl.org/ http://logilune.com/


stas at stason

Dec 23, 2005, 11:52 AM

Post #5 of 5 (2643 views)
Permalink
Re: Bug report: ModPerl 2.0.2 make test "Insecure directory under -T" [In reply to]
Stas Bekman wrote:
> Kent, Mr. John (Contractor) wrote:
>
>> Hello Stas,
>>
>> No, my path does not contain . or .. anywhere.
>> Here is what I get:
>>
>> [webuser [at] arie ~]$ perl -le 'print $ENV{PATH}'
>> /users/webuser/perl/bin:/users/webuser/apache-ant/bin:users/webuser/netscape:/users/webuser/mysql/bin:/users/webuser/jdev/bin:/users/webuser/tomcat/bin:/users/webuser/jdk/bin:/users/webuser/ImageMagick/bin:/users/webuser/delegates/bin:/users/webuser/delegates/freestyle2/bin:/users/webuser/bin:/usr/kerberos/bin:/usr/local/bin:/bin:/usr/bin:/usr/X11R6/bin:/users/webuser/bin
>>
>>
>> HOWEVER, looking at how complicated the above was I simplified my PATH to
>>
>> /users/webuser/perl/bin:/users/webuser/ImageMagick/bin:/users/webuser/delegates/bin:/users/webuser/delegates/freestyle2/bin:/usr/kerberos/bin:/usr/local/bin:/bin:/usr/bin:/usr/X11R6/bin:/users/webuser/bin
>>
>>
>> and the tests worked without problem.
>>
>> Adding back directories revealed the problem was with
>> :users/webuser/netscape
>> which did not exist.
>
>
> Ah, good catch! We were taking care of removing . and .., but weren't
> aware that a relative path without . or .. is a problem too:
>
> % perl -Tle '$ENV{PATH} = "foo/bar"; system("date")'
> Insecure directory in $ENV{PATH} while running with -T switch at -e line 1.
>
> I'll patch Apache-Test to handle that case as well.

John, can you please test with your original PATH after applying this patch?

Index: lib/Apache/TestConfig.pm
===================================================================
--- lib/Apache/TestConfig.pm (revision 358857)
+++ lib/Apache/TestConfig.pm (working copy)
@@ -1751,7 +1751,7 @@
# win32 uses ';' for a path separator, assume others use ':'
my $sep = WIN32 ? ';' : ':';
# -T disallows relative and empty directories in the PATH
- return join $sep, grep !/^(\.|$)/, split /$sep/, $path;
+ return join $sep, grep !m#^(?:[^/]|$)#, split /$sep/, $path;
}

sub pop_dir {



--
_____________________________________________________________
Stas Bekman mailto:stas [at] stason http://stason.org/
MailChannels: Assured Messaging(TM) http://mailchannels.com/
The "Practical mod_perl" book http://modperlbook.org/
http://perl.apache.org/ http://perl.org/ http://logilune.com/

ModPerl modperl RSS feed   Index | Next | Previous | View Threaded
 
 


Interested in having your list archived? Contact Gossamer Threads
 
  Web Applications & Managed Hosting Powered by Gossamer Threads Inc.