Hi Rocco,
I'll revert to Safe 2.32 or 2.33 - the code change between 2.33[_01] and 2.35
and is minimal,
as you see from the diff below. The "local *SIG;" statement is the one and only
that bites ...
Cheers,
Markus
[6:48pm] [perl-git/dist/Safe] -> git diff 5df103ab ac4ec33e -- Safe.pm
diff --git a/dist/Safe/Safe.pm b/dist/Safe/Safe.pm
index 865a9dc..f00853e 100644
--- a/dist/Safe/Safe.pm
+++ b/dist/Safe/Safe.pm
@@ -3,7 +3,7 @@ package Safe;
use 5.003_11;
use Scalar::Util qw(reftype refaddr);
-$Safe::VERSION = "2.33_01";
+$Safe::VERSION = "2.35";
# *** Don't declare any lexicals above this point ***
#
@@ -21,7 +21,7 @@ sub lexless_anon_sub {
# Uses a closure (on $__ExPr__) to pass in the code to be executed.
# (eval on one line to keep line numbers as expected by caller)
eval sprintf
- 'package %s; %s sub { @_=(); eval q[my $__ExPr__;] . $__ExPr__; }',
+ 'package %s; %s sub { @_=(); eval q[local *SIG; my $__ExPr__;] .
$__ExPr__; }',
$_[0], $_[1] ? 'use strict;' : '';
}
@@ -355,6 +355,8 @@ sub _clean_stash {
sub reval {
my ($obj, $expr, $strict) = @_;
+ die "Bad Safe object" unless $obj->isa('Safe');
+
my $root = $obj->{Root};
my $evalsub = lexless_anon_sub($root, $strict, $expr);
@@ -405,6 +407,7 @@ sub _find_code_refs {
sub wrap_code_ref {
my ($obj, $sub) = @_;
+ die "Bad safe object" unless $obj->isa('Safe');
# wrap code ref $sub with _safe_call_sv so that, when called, the
# execution will happen with the compartment fully 'in effect'.
@@ -440,6 +443,8 @@ sub wrap_code_ref {
sub rdo {
my ($obj, $file) = @_;
+ die "Bad Safe object" unless $obj->isa('Safe');
+
my $root = $obj->{Root};
my $sg = sub_generation();
-----Original Message-----
From: Rocco Caputo [mailto:rcap...@pobox.com]
Sent: Tuesday, July 16, 2013 6:40 PM
To: Markus Jansen
Cc: r...@consttype.org; poe@perl.org
Subject: Re: Localizing %SIG in Safe.pm 2.{35,36,37} crashes POE::Wheel::Run ...
Thank you for the alert. Is there any reasonable way to work around this?
--
Rocco Caputo <rcap...@pobox.com>
On Jul 16, 2013, at 12:00, Markus Jansen wrote:
> Hi,
>
> FYI ... hope none of you wastes time with this really nasty trap ...
>
> Best regards,
> Markus
>
> -----Original Message-----
> From: Markus Jansen
> Sent: Tuesday, July 16, 2013 5:57 PM
> To: perl...@perl.org
> Cc: Markus Jansen
> Subject: Localizing %SIG in Safe.pm 2.{35,36,37} crashes POE::Wheel::Run ...
>
>
> This is a bug report for perl from markus.jan...@ericsson.com, generated with
> the help of perlbug 1.39 running under perl 5.18.0.
>
>
> -----------------------------------------------------------------
> [Please describe your issue here]
>
> Dear Perl5 Porters,
>
> localizing %SIG in Safe.pm 2.35 (on CPAN, 2.{35,36,37} in Perl core) may be a
> great step for security, but it unfortunatately spoils POE::Wheel::Run
> (basically POE and all other asynchronous frameworks dealing with external
> processes).
>
> The symptom experienced is that your application might sooner or later crash
> (reliably when using POE::Component::Resolver upon exiting a Sidecar
> subprocess) with the following famous last words:
>
> Signal SIGCHLD received, but no signal handler set.
>
> Please consider a version (also on CPAN) of Safe.pm which has e.g. the
> localization of %SIG as a switchable feature.
>
> Best regards,
> Markus
>
>
>
> [Please do not change anything below this line]
> -----------------------------------------------------------------
> ---
> Flags:
> category=library
> severity=critical
> module=Safe
> ---
> Site configuration information for perl 5.18.0:
>
> Configured by ericsson at Fri Jul 12 19:17:48 CEST 2013.
>
> Summary of my perl5 (revision 5 version 18 subversion 0) configuration:
>
> Platform:
> osname=linux, osvers=2.6.16.60-0.42.10-smp,
> archname=x86_64-linux-thread-multi
> uname='linux sekix562 2.6.16.60-0.42.10-smp #1 smp tue apr 27 05:11:27 utc
> 2010 x86_64 x86_64 x86_64 gnulinux '
> config_args='-d -e -O -D cc=gcc -D
> prefix=/vobs/cc/CCA-perl01/perl5_Linux_x64__________sixtyfive_char_pat
> h/prod -D usemultiplicity -U use5005threads -D usedl -D useshrplib -D
> libperl=libcmacperl.so -U usemymalloc -D cf_by=ericsson -D
> cf_email=scm...@clearcase.ericsson.se -D
> perladmin=scm...@clearcase.ericsson.se -D uselargefiles -D usethreads
> -D useithreads -D use64bitall -D ldcc=CC -D optimize=-O3 -D
> locincpth=/vobs/cc/CCA-perl01/perl5_Linux_x64__________sixtyfive_char_
> path/plib/include
> /vobs/cc/CCA-perl01/perl5_Linux_x64__________sixtyfive_char_path/plib/
> apache/include -D
> loclibpth=/vobs/cc/CCA-perl01/perl5_Linux_x64__________sixtyfive_char_
> path/plib/lib
> /vobs/cc/CCA-perl01/perl5_Linux_x64__________sixtyfive_char_path/plib/
> apache/lib -D lddlflags=-shared -lpthread
> -Wl,-L/vobs/cc/CCA-perl01/perl5_Linux_x64__________sixtyfive_char_path
> /prod/lib/5.18.0/x86_64-linux-thread-multi/CORE
> -Wl,-rpath,/vobs/cc/CCA-perl01/perl5_Linux_x64__________sixtyfive_char
> _path/prod/lib/5.18.0 /x86_64-linux-thread-multi/CORE
> -Wl,-L/vobs/cc/CCA-perl01/perl5_Linux_x64__________sixtyfive_char_path
> /plib/lib
> -Wl,-rpath,/vobs/cc/CCA-perl01/perl5_Linux_x64__________sixtyfive_char
> _path/plib/lib
> -Wl,-L/vobs/cc/CCA-perl01/perl5_Linux_x64__________sixtyfive_char_path
> /plib/apache/lib
> -Wl,-rpath,/vobs/cc/CCA-perl01/perl5_Linux_x64__________sixtyfive_char
> _path/plib/apache/lib -Wl,--enable-new-dtags -D ldflags=-lpthread
> -Wl,-L/vobs/cc/CCA-perl01/perl5_Linux_x64__________sixtyfive_char_path
> /prod/lib/5.18.0/x86_64-linux-thread-multi/CORE
> -Wl,-rpath,/vobs/cc/CCA-perl01/perl5_Linux_x64__________sixtyfive_char
> _path/prod/lib/5.18.0/x86_64-linux-thread-multi/CORE
> -Wl,-L/vobs/cc/CCA-perl01/perl5_Linux_x64__________sixtyfive_char_path
> /plib/lib
> -Wl,-rpath,/vobs/cc/CCA-perl01/perl5_Linux_x64__________sixtyfive_char
> _path/plib/lib
> -Wl,-L/vobs/cc/CCA-perl01/perl5_Linux_x64__________sixtyfive_char_path
> /plib/apache/lib
> -Wl,-rpath,/vobs/cc/CCA-perl01/perl5_Linux_x64__________sixtyfive_char
> _path/ plib/apache/lib -Wl,--enable-new-dtags -D ccdlflags=-Bdynamic
> -Wl,-L/vobs/cc/CCA-perl01/perl5_Linux_x64__________sixtyfive_char_path/prod/lib/5.18.0/x86_64-linux-thread-multi/CORE
>
> -Wl,-rpath,/vobs/cc/CCA-perl01/perl5_Linux_x64__________sixtyfive_char_path/prod/lib/5.18.0/x86_64-linux-thread-multi/CORE
>
> -Wl,-L/vobs/cc/CCA-perl01/perl5_Linux_x64__________sixtyfive_char_path/plib/lib
>
> -Wl,-rpath,/vobs/cc/CCA-perl01/perl5_Linux_x64__________sixtyfive_char_path/plib/lib
>
> -Wl,-L/vobs/cc/CCA-perl01/perl5_Linux_x64__________sixtyfive_char_path/plib/apache/lib
>
> -Wl,-rpath,/vobs/cc/CCA-perl01/perl5_Linux_x64__________sixtyfive_char_path/plib/apache/lib
> -D ldlibpthname=LD_LIBRARY_PATH -D cccdlflags=-fPIC -D dlsrc=dl_dlopen.xs -D
> ccflags=-O2 -D_REENTRANT -D_GNU_SOURCE -DTHREADS_HAVE_PIDS -pthread
> -DPERL_IMPLICIT_CONTEXT -DPERL_USE_SAFE_PUTENV -m64 -pipe -D_LARGEFILE_SOURCE
> -D_FILE_OFFSET_BITS=64 -fPIC -D so=so -D libswanted=nsl dl m crypt pthread c'
> hint=recommended, useposix=true, d_sigaction=define
> useithreads=define, usemultiplicity=define
> useperlio=define, d_sfio=undef, uselargefiles=define, usesocks=undef
> use64bitint=define, use64bitall=define, uselongdouble=undef
> usemymalloc=n, bincompat5005=undef
> Compiler:
> cc='gcc', ccflags ='-D_REENTRANT -D_GNU_SOURCE -O2 -D_REENTRANT
> -D_GNU_SOURCE -DTHREADS_HAVE_PIDS -pthread -DPERL_IMPLICIT_CONTEXT
> -DPERL_USE_SAFE_PUTENV -m64 -pipe -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64
> -fPIC -fno-strict-aliasing -fstack-protector
> -I/vobs/cc/CCA-perl01/perl5_Linux_x64__________sixtyfive_char_path/plib/include
>
> -I/vobs/cc/CCA-perl01/perl5_Linux_x64__________sixtyfive_char_path/plib/apache/include
> -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64',
> optimize='-O3',
> cppflags='-D_REENTRANT -D_GNU_SOURCE -O2 -D_REENTRANT -D_GNU_SOURCE
> -DTHREADS_HAVE_PIDS -pthread -DPERL_IMPLICIT_CONTEXT -DPERL_USE_SAFE_PUTENV
> -m64 -pipe -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -fPIC
> -fno-strict-aliasing -fstack-protector
> -I/vobs/cc/CCA-perl01/perl5_Linux_x64__________sixtyfive_char_path/plib/include
>
> -I/vobs/cc/CCA-perl01/perl5_Linux_x64__________sixtyfive_char_path/plib/apache/include'
> ccversion='', gccversion='4.1.2 20070115 (SUSE Linux)', gccosandvers=''
> intsize=4, longsize=8, ptrsize=8, doublesize=8, byteorder=12345678
> d_longlong=define, longlongsize=8, d_longdbl=define, longdblsize=16
> ivtype='long', ivsize=8, nvtype='double', nvsize=8, Off_t='off_t',
> lseeksize=8
> alignbytes=8, prototype=define
> Linker and Libraries:
> ld='gcc', ldflags ='-lpthread
> -Wl,-L/vobs/cc/CCA-perl01/perl5_Linux_x64__________sixtyfive_char_path/prod/lib/5.18.0/x86_64-linux-thread-multi/CORE
>
> -Wl,-rpath,/vobs/cc/CCA-perl01/perl5_Linux_x64__________sixtyfive_char_path/prod/lib/5.18.0/x86_64-linux-thread-multi/CORE
>
> -Wl,-L/vobs/cc/CCA-perl01/perl5_Linux_x64__________sixtyfive_char_path/plib/lib
>
> -Wl,-rpath,/vobs/cc/CCA-perl01/perl5_Linux_x64__________sixtyfive_char_path/plib/lib
>
> -Wl,-L/vobs/cc/CCA-perl01/perl5_Linux_x64__________sixtyfive_char_path/plib/apache/lib
>
> -Wl,-rpath,/vobs/cc/CCA-perl01/perl5_Linux_x64__________sixtyfive_char_path/plib/apache/lib
> -Wl,--enable-new-dtags -fstack-protector'
>
> libpth=/vobs/cc/CCA-perl01/perl5_Linux_x64__________sixtyfive_char_path/plib/lib
>
> /vobs/cc/CCA-perl01/perl5_Linux_x64__________sixtyfive_char_path/plib/apache/lib
> /lib/../lib64 /usr/lib/../lib64 /lib /usr/lib /usr/local/lib /lib64
> /usr/lib64 /usr/local/lib64
> libs=-lnsl -ldl -lm -lcrypt -lpthread -lc
> perllibs=-lnsl -ldl -lm -lcrypt -lpthread -lc
> libc=/lib/libc-2.4.so, so=so, useshrplib=true, libperl=libcmacperl.so
> gnulibc_version='2.4'
> Dynamic Linking:
> dlsrc=dl_dlopen.xs, dlext=so, d_dlsymun=undef, ccdlflags='-Bdynamic
> -Wl,-L/vobs/cc/CCA-perl01/perl5_Linux_x64__________sixtyfive_char_path/prod/lib/5.18.0/x86_64-linux-thread-multi/CORE
>
> -Wl,-rpath,/vobs/cc/CCA-perl01/perl5_Linux_x64__________sixtyfive_char_path/prod/lib/5.18.0/x86_64-linux-thread-multi/CORE
>
> -Wl,-L/vobs/cc/CCA-perl01/perl5_Linux_x64__________sixtyfive_char_path/plib/lib
>
> -Wl,-rpath,/vobs/cc/CCA-perl01/perl5_Linux_x64__________sixtyfive_char_path/plib/lib
>
> -Wl,-L/vobs/cc/CCA-perl01/perl5_Linux_x64__________sixtyfive_char_path/plib/apache/lib
>
> -Wl,-rpath,/vobs/cc/CCA-perl01/perl5_Linux_x64__________sixtyfive_char_path/plib/apache/lib'
> cccdlflags='-fPIC', lddlflags='-shared -lpthread
> -Wl,-L/vobs/cc/CCA-perl01/perl5_Linux_x64__________sixtyfive_char_path/prod/lib/5.18.0/x86_64-linux-thread-multi/CORE
>
> -Wl,-rpath,/vobs/cc/CCA-perl01/perl5_Linux_x64__________sixtyfive_char_path/prod/lib/5.18.0/x86_64-linux-thread-multi/CORE
>
> -Wl,-L/vobs/cc/CCA-perl01/perl5_Linux_x64__________sixtyfive_char_path/plib/lib
>
> -Wl,-rpath,/vobs/cc/CCA-perl01/perl5_Linux_x64__________sixtyfive_char_path/plib/lib
>
> -Wl,-L/vobs/cc/CCA-perl01/perl5_Linux_x64__________sixtyfive_char_path/plib/apache/lib
>
> -Wl,-rpath,/vobs/cc/CCA-perl01/perl5_Linux_x64__________sixtyfive_char_path/plib/apache/lib
> -Wl,--enable-new-dtags -fstack-protector'
>
> Locally applied patches:
>
>
> ---
> @INC for perl 5.18.0:
>
> /vobs/cc/CCA-perl01/perl5_Linux_x64__________sixtyfive_char_path/prod/lib/site_perl/5.18.0/x86_64-linux-thread-multi
>
> /vobs/cc/CCA-perl01/perl5_Linux_x64__________sixtyfive_char_path/prod/lib/site_perl/5.18.0
>
> /vobs/cc/CCA-perl01/perl5_Linux_x64__________sixtyfive_char_path/prod/lib/5.18.0/x86_64-linux-thread-multi
>
> /vobs/cc/CCA-perl01/perl5_Linux_x64__________sixtyfive_char_path/prod/lib/5.18.0
> .
>
> ---
> Environment for perl 5.18.0:
> HOME=/home/eedmja
> LANG=en_US.UTF-8
> LANGUAGE (unset)
> LD_LIBRARY_PATH (unset)
> LOGDIR (unset)
>
> PATH=/tmp/_cc_CCA-perl01/perl5_Linux_x64__________sixtyfive_char_path/prod/bin:/tmp/_cc_CCA-perl01/perl5_Linux_x64__________sixtyfive_char_path/plib/bin:/bin:/usr/bin:/sbin:/usr/sbin:/opt/gnome/bin:/opt/kde3/bin:/usr/bin/X11:/home/eedmja/bin:/opt/rational/clearcase/bin
> PERL_BADLANG (unset)
> SHELL=/bin/tcsh
