[Petal] Petal::TAINT problems under Apache::Registry

William McKee william at knowmad.com
Mon Oct 6 22:56:49 BST 2003 

Hi all,

A bit more light on the problems I'm experiencing running Petal 1.10_05
under Perl 5.6.1 on Apache 1.27 with mod_perl 1.27. In the function
_code_memory_cached in the Petal.pm module, the reval function from the
Safe module is returning undef when my application is run via
Apache::Registry. Running from the command-line, it returns a subroutine
reference that looks like the following:

	$VAR1 = sub { "DUMMY" };

It appears that when run under Apache::Registry, the $VAR1 is being
localized and thus Petal is unable to access it. I was able to repeat
the problem from the command-line by appending a 'my ' in front of the
$code_perl string being passed to reval. This effectively makes the
$VAR1 invisible from Petal.

Now, how to setup access to $VAR1? Fergal gave me some suggestions back
in August when I was trying to work out the problems with repeating
objects and the Safe environment. However, I continue to have no luck
using his suggestions of setting up a glob. Perhaps, I just don't
understand it. Could someone who is familiar with Safe environments look
at lines following the if ($TAINT) section around line 550 of Petal.pm
and see if the following is correct way to setup access to $VAR1:

	*Petal::CPT::Petal::VAR1 = \$Petal::VAR1;

<break for testing...>

Well, I'm not sure if the above hypothesis is accurate. I found a way to
get the evaled sub back into Petal from the command-line but the web is
still returning empty. Instead of assigning $code to $Petal::CPT::VAR1,
I am assigning it to the output from reval:

	$code = $cpt->reval($code_perl);

This works fine in cmd-line even if $VAR1 is localized with 'my' but
continues to fail from web.

Next test is to skip the reval, I tried doing an eval on the $code_perl
(PerlTaint is set to off in my httpd.conf). This works (which is what
I'd have expected since setting $Petal::TAINT to 0 also works). What is
reval doing to make this break under Apache::Registry? I have tried to
debug it but keep getting segmentation faults at weird places which
prevents me from getting to the line where the code is eval'ed by Safe.
Maybe someone else could try doing a debug under Apache.

I added a few warn lines to Safe and in the process discovered that Safe
uses Opcode::_safe_call_sv to do the actual evaluation (however, this
subroutine isn't even defined in Opcode so I don't know how it becomes
enabled; I have a feeling that I'm getting into the deep end of the
magic that makes Perl work). There is also an Apache::Opcode module, but
I can't see that there is any conflict.

My searches on Google for _safe_call_sv did not turn up much useful
info.

William

-- 
Knowmad Services Inc.
http://www.knowmad.com

More information about the Petal mailing list