perl debugger not working in taint mode #10524

Closed
p5pRT opened this issue Jul 31, 2010 · 7 comments

p5pRT commented Jul 31, 2010

Migrated from rt.perl.org#76872 (status was 'resolved')

Searchable as RT76872$

p5pRT commented Jul 31, 2010

From swamy.sangamesh@gmail.com

I tried to send a report using the perlbug tool, but it looks like the report
has not been sent, hence I am sending it directly.

I am getting an Insecure dependency error when using the perl debugger with
taint mode (/usr/bin/perl -wT). This issue seems to be common to all
platforms, as I tested it on AIX and Linux. It appears in the latest perl also,
in perl-5.12.1 and 5.10.0, 5.10.1.
I am not facing any issue in perl-5.8.8.

Here is the error message:

$ perl -dT Mytest.pm

Loading DB routines from perl5db.pl version 1.3
Editor support available.

Enter h or `h h' for help, or `man perldebug' for more help.

Insecure dependency in eval while running with -T switch at
/usr/lib/perl5/5.10.0/i386-linux-thread-multi/File/Glob.pm line 92.
Compilation failed in require at Mytest.pm line 34.
at Mytest.pm line 34
  Mytest::BEGIN() called at
/usr/lib/perl5/5.10.0/i386-linux-thread-multi/File/Glob.pm line 34
  eval {...} called at
/usr/lib/perl5/5.10.0/i386-linux-thread-multi/File/Glob.pm line 34
BEGIN failed--compilation aborted at Mytest.pm line 34.
at Mytest.pm line 34
Debugged program terminated. Use q to quit or R to restart,
  use o inhibit_exit to avoid stopping after program termination,
  h q, h R or h o to get additional info.
  DB<1>

The contents of Mytest.pm and Mytest.xs look like this:

$ cat Mytest.pm
#!/usr/bin/perl -wT
package Mytest;
use XSLoader ();

BEGIN {
  XSLoader::load('Mytest');
}
BEGIN {
  XSLoader::load('Mytest');
  my $var = defined($0)? UNDEFINE : 1;
}

sub func_test {
  glob("check");
  return 1;
}

1;

$ cat Mytest.xs
#include "EXTERN.h"
#include "perl.h"
#include "XSUB.h"

#include "ppport.h"
#define UNDEFINE 0

MODULE = Mytest PACKAGE = Mytest

IV
UNDEFINE()
  ALIAS:
  UNDEFINE = 0
  CODE:
  switch(ix) {
  case 0: RETVAL = UNDEFINE; break;
  }
  OUTPUT:
  RETVAL

This issue happens when taint mode is used in the debugger; if we invoke the
debugger without taint mode, then the debugger works fine.
It looks like some drastic changes happened in perl-5.10.0.

--
Thanks & Regards,
Sangamesh

p5pRT commented Aug 5, 2010

From @ksangeek

I am also facing the same issue .. Can someone please give an idea on
what may be going wrong.

Thanks & Regards,
Sangeeth K

p5pRT commented Aug 19, 2010

swamy.sangamesh@gmail.com - Status changed from 'new' to 'open'

p5pRT commented Aug 19, 2010

From swamy.sangamesh@gmail.com

Please can someone take a look at this issue.

Looks like this is happening if we have two BEGIN blocks and glob() is
called. No issue is seen if we have only one BEGIN block.

p5pRT commented Aug 25, 2010

From @iabyn

On Sat, Jul 31, 2010 at 05:56:17AM -0700, sangamesh M wrote:

> Getting Insecure dependency error when used perl debugger with taint mode
> /usr/bin/perl -wT . This issue seems to be common in all the platforms as i
> tested it in aix and linux. it appears in latest perl also, in perl-5.12.1
> and 5.10.0, 5.10.1.
> not facing any issue in perl-5.8.8.

This is now fixed in bleadperl with the commit below:

commit 07004eb
Author: David Mitchell <davem@iabyn.com>
AuthorDate: Wed Aug 25 12:15:41 2010 +0100
Commit: David Mitchell <davem@iabyn.com>
CommitDate: Wed Aug 25 12:15:41 2010 +0100

  don't taint $DB::sub

  [perl #76872] showed a case where code like the following, run under -d,
  would cause $DB::sub to get set:

  $tainted_expression && func()

  The tainted expression sets PL_tainted, so calling func() under -d, which
  sets $DB::sub, causes it to get tainted.

  Consequently any further sub calls would set PL_tainted while getting the
  old value of $DB::sub (and cause the new value to be tainted too), and if
  the sub was XS, then its code would be executed with PL_tainted set.
  It isn't an issue with perl subs as the first nextstate op resets
  PL_tainted.

M MANIFEST
M lib/perl5db.t
A lib/perl5db/t/taint
M util.c

--
The optimist believes that he lives in the best of all possible worlds.
As does the pessimist.
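
The propagation described in the commit message above, as a toy C model added here for illustration. It is not perl's source code or the actual patch: every name (`pl_tainted`, `dbsub_tainted`, `call_sub`, `xs_runs_tainted`) is invented for the model, and the fix is modelled simply as never storing the taint bit on the `$DB::sub` value.

```c
#include <stdbool.h>
#include <stdio.h>

/* Toy model of the commit message; not perl source. All names are invented. */
static bool pl_tainted;    /* models PL_tainted: current statement touched tainted data */
static bool dbsub_tainted; /* taint bit carried by the value stored in $DB::sub */
static bool fix_applied;   /* models "don't taint $DB::sub" */

/* A nextstate op (statement boundary) resets the flag. */
static void nextstate(void) { pl_tainted = false; }

/* Under -d every sub call reads the old $DB::sub and stores the callee's name. */
static void debugger_entersub(void) {
    if (dbsub_tainted)
        pl_tainted = true; /* reading a tainted value sets the flag */
    /* Storing the new name: without the fix it inherits the flag. */
    dbsub_tainted = fix_applied ? false : pl_tainted;
}

/* Returns true if the sub body starts executing with the flag set. */
static bool call_sub(bool is_xs) {
    debugger_entersub();
    if (!is_xs)
        nextstate();   /* a Perl sub's first nextstate op resets the flag */
    return pl_tainted; /* an XS body has no nextstate op */
}

/* Statement 1: `$tainted_expression && func()` (func is a Perl sub).
 * Statement 2: an unrelated XS call with clean arguments.
 * Returns whether that XS sub ran with the flag set. */
static bool xs_runs_tainted(bool with_fix) {
    fix_applied = with_fix;
    pl_tainted = dbsub_tainted = false;
    nextstate();
    pl_tainted = true;     /* the tainted expression is evaluated */
    call_sub(false);       /* func() is called under -d */
    nextstate();           /* the next statement starts clean */
    return call_sub(true); /* XS sub called with clean arguments */
}

int main(void) {
    printf("without fix: XS runs tainted = %d\n", xs_runs_tainted(false));
    printf("with fix:    XS runs tainted = %d\n", xs_runs_tainted(true));
    return 0;
}
```

In the model the taint survives the statement boundary only because it is parked on the `$DB::sub` value and re-read at the next call, which is why one tainted expression affects every later XS call.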

p5pRT commented Aug 25, 2010

@iabyn - Status changed from 'open' to 'resolved'
