>> 2.1.11 is out...and 2.1.12 is almost ready for release - does your system >> behave in the same way with 2.1.11?
>> Are you using a pre-built package for freeradius or one that you have >> built yourself? I am using RedHat's pre-built packages, both FreeRADIUS and Perl. I have not tried newer versions, but it should be pretty straightforward to test. >> And FWIW, we've been using rlm_perl extensively with 2.1.10 without any >> segfaults. But then again, that might just be because we write bug free >> perl code :-) Oh I have no doubt that people are using rlm_perl trouble-free. I'm just a little concerned that a bug has the capability to crash the entire server. In development, not a big deal. In fact, it encourages good error recovery. But I'd rather not wake up in the middle of the night and find my entire RADIUS infrastructure has died due to an unexpected corner case. Usernames with unicode characters particularly terrify me. > Of course a script error shouldn't segfault the server. It would have been > much more useful if you had explained what the script error was and a stack > trace from the segfault. I don't have a stack trace yet, but I've got an easily reproducible test case. This is on RedHat 6, using FreeRadius 2.1.10-5, perl 5.10.1-119, x86_64 architecture. From a fresh install, I cleared out sites-enabled and created a single enabled server: server srv-perl-crash { authorize { preprocess update control { Auth-Type := Accept } perl } authenticate { noop } post-auth { noop } preacct { noop } accounting { noop } } I route localhost to that server: client 127.0.0.1 { shortname = localhost secret = mysecret virtual_server = srv-perl-crash } And I define a very simple example.pl: use strict; use constant RLM_MODULE_OK=> 2;# /* the module is OK, continue */ sub authorize { my $i = 1/0; return RLM_MODULE_OK; } Obviously, a division by zero is a bad thing. But one would expect FreeRadius to stay online. I fire up the server, and test it with: radtest -x foo bar 127.0.0.1 1812 mysecret At first, it gives an error, but survives: rlm_perl: perl_embed:: module = /etc/raddb/example.pl , func = authorize exit status= Illegal division by zero at /etc/raddb/example.pl line 58. I receive an Access-Reject, and things are fine. I send a second request, and I get: rlm_perl: perl_embed:: module = /etc/raddb/example.pl , func = authorize exit status= Illegal division by zero at /etc/raddb/example.pl line 58. Segmentation fault And the server dies. Uh oh! Like I said, I will work on a stack trace. Just wanted to get this out on the list while it's fresh in my mind. Norman - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html