Hi Rocco, I'll revert to Safe 2.32 or 2.33 - the code change between 2.33[_01] and 2.35 and is minimal, as you see from the diff below. The "local *SIG;" statement is the one and only that bites ...
Cheers, Markus [6:48pm] [perl-git/dist/Safe] -> git diff 5df103ab ac4ec33e -- Safe.pm diff --git a/dist/Safe/Safe.pm b/dist/Safe/Safe.pm index 865a9dc..f00853e 100644 --- a/dist/Safe/Safe.pm +++ b/dist/Safe/Safe.pm @@ -3,7 +3,7 @@ package Safe; use 5.003_11; use Scalar::Util qw(reftype refaddr); -$Safe::VERSION = "2.33_01"; +$Safe::VERSION = "2.35"; # *** Don't declare any lexicals above this point *** # @@ -21,7 +21,7 @@ sub lexless_anon_sub { # Uses a closure (on $__ExPr__) to pass in the code to be executed. # (eval on one line to keep line numbers as expected by caller) eval sprintf - 'package %s; %s sub { @_=(); eval q[my $__ExPr__;] . $__ExPr__; }', + 'package %s; %s sub { @_=(); eval q[local *SIG; my $__ExPr__;] . $__ExPr__; }', $_[0], $_[1] ? 'use strict;' : ''; } @@ -355,6 +355,8 @@ sub _clean_stash { sub reval { my ($obj, $expr, $strict) = @_; + die "Bad Safe object" unless $obj->isa('Safe'); + my $root = $obj->{Root}; my $evalsub = lexless_anon_sub($root, $strict, $expr); @@ -405,6 +407,7 @@ sub _find_code_refs { sub wrap_code_ref { my ($obj, $sub) = @_; + die "Bad safe object" unless $obj->isa('Safe'); # wrap code ref $sub with _safe_call_sv so that, when called, the # execution will happen with the compartment fully 'in effect'. @@ -440,6 +443,8 @@ sub wrap_code_ref { sub rdo { my ($obj, $file) = @_; + die "Bad Safe object" unless $obj->isa('Safe'); + my $root = $obj->{Root}; my $sg = sub_generation(); -----Original Message----- From: Rocco Caputo [mailto:rcap...@pobox.com] Sent: Tuesday, July 16, 2013 6:40 PM To: Markus Jansen Cc: r...@consttype.org; poe@perl.org Subject: Re: Localizing %SIG in Safe.pm 2.{35,36,37} crashes POE::Wheel::Run ... Thank you for the alert. Is there any reasonable way to work around this? -- Rocco Caputo <rcap...@pobox.com> On Jul 16, 2013, at 12:00, Markus Jansen wrote: > Hi, > > FYI ... hope none of you wastes time with this really nasty trap ... > > Best regards, > Markus > > -----Original Message----- > From: Markus Jansen > Sent: Tuesday, July 16, 2013 5:57 PM > To: perl...@perl.org > Cc: Markus Jansen > Subject: Localizing %SIG in Safe.pm 2.{35,36,37} crashes POE::Wheel::Run ... > > > This is a bug report for perl from markus.jan...@ericsson.com, generated with > the help of perlbug 1.39 running under perl 5.18.0. > > > ----------------------------------------------------------------- > [Please describe your issue here] > > Dear Perl5 Porters, > > localizing %SIG in Safe.pm 2.35 (on CPAN, 2.{35,36,37} in Perl core) may be a > great step for security, but it unfortunatately spoils POE::Wheel::Run > (basically POE and all other asynchronous frameworks dealing with external > processes). > > The symptom experienced is that your application might sooner or later crash > (reliably when using POE::Component::Resolver upon exiting a Sidecar > subprocess) with the following famous last words: > > Signal SIGCHLD received, but no signal handler set. > > Please consider a version (also on CPAN) of Safe.pm which has e.g. the > localization of %SIG as a switchable feature. > > Best regards, > Markus > > > > [Please do not change anything below this line] > ----------------------------------------------------------------- > --- > Flags: > category=library > severity=critical > module=Safe > --- > Site configuration information for perl 5.18.0: > > Configured by ericsson at Fri Jul 12 19:17:48 CEST 2013. > > Summary of my perl5 (revision 5 version 18 subversion 0) configuration: > > Platform: > osname=linux, osvers=2.6.16.60-0.42.10-smp, > archname=x86_64-linux-thread-multi > uname='linux sekix562 2.6.16.60-0.42.10-smp #1 smp tue apr 27 05:11:27 utc > 2010 x86_64 x86_64 x86_64 gnulinux ' > config_args='-d -e -O -D cc=gcc -D > prefix=/vobs/cc/CCA-perl01/perl5_Linux_x64__________sixtyfive_char_pat > h/prod -D usemultiplicity -U use5005threads -D usedl -D useshrplib -D > libperl=libcmacperl.so -U usemymalloc -D cf_by=ericsson -D > cf_email=scm...@clearcase.ericsson.se -D > perladmin=scm...@clearcase.ericsson.se -D uselargefiles -D usethreads > -D useithreads -D use64bitall -D ldcc=CC -D optimize=-O3 -D > locincpth=/vobs/cc/CCA-perl01/perl5_Linux_x64__________sixtyfive_char_ > path/plib/include > /vobs/cc/CCA-perl01/perl5_Linux_x64__________sixtyfive_char_path/plib/ > apache/include -D > loclibpth=/vobs/cc/CCA-perl01/perl5_Linux_x64__________sixtyfive_char_ > path/plib/lib > /vobs/cc/CCA-perl01/perl5_Linux_x64__________sixtyfive_char_path/plib/ > apache/lib -D lddlflags=-shared -lpthread > -Wl,-L/vobs/cc/CCA-perl01/perl5_Linux_x64__________sixtyfive_char_path > /prod/lib/5.18.0/x86_64-linux-thread-multi/CORE > -Wl,-rpath,/vobs/cc/CCA-perl01/perl5_Linux_x64__________sixtyfive_char > _path/prod/lib/5.18.0 /x86_64-linux-thread-multi/CORE > -Wl,-L/vobs/cc/CCA-perl01/perl5_Linux_x64__________sixtyfive_char_path > /plib/lib > -Wl,-rpath,/vobs/cc/CCA-perl01/perl5_Linux_x64__________sixtyfive_char > _path/plib/lib > -Wl,-L/vobs/cc/CCA-perl01/perl5_Linux_x64__________sixtyfive_char_path > /plib/apache/lib > -Wl,-rpath,/vobs/cc/CCA-perl01/perl5_Linux_x64__________sixtyfive_char > _path/plib/apache/lib -Wl,--enable-new-dtags -D ldflags=-lpthread > -Wl,-L/vobs/cc/CCA-perl01/perl5_Linux_x64__________sixtyfive_char_path > /prod/lib/5.18.0/x86_64-linux-thread-multi/CORE > -Wl,-rpath,/vobs/cc/CCA-perl01/perl5_Linux_x64__________sixtyfive_char > _path/prod/lib/5.18.0/x86_64-linux-thread-multi/CORE > -Wl,-L/vobs/cc/CCA-perl01/perl5_Linux_x64__________sixtyfive_char_path > /plib/lib > -Wl,-rpath,/vobs/cc/CCA-perl01/perl5_Linux_x64__________sixtyfive_char > _path/plib/lib > -Wl,-L/vobs/cc/CCA-perl01/perl5_Linux_x64__________sixtyfive_char_path > /plib/apache/lib > -Wl,-rpath,/vobs/cc/CCA-perl01/perl5_Linux_x64__________sixtyfive_char > _path/ plib/apache/lib -Wl,--enable-new-dtags -D ccdlflags=-Bdynamic > -Wl,-L/vobs/cc/CCA-perl01/perl5_Linux_x64__________sixtyfive_char_path/prod/lib/5.18.0/x86_64-linux-thread-multi/CORE > > -Wl,-rpath,/vobs/cc/CCA-perl01/perl5_Linux_x64__________sixtyfive_char_path/prod/lib/5.18.0/x86_64-linux-thread-multi/CORE > > -Wl,-L/vobs/cc/CCA-perl01/perl5_Linux_x64__________sixtyfive_char_path/plib/lib > > -Wl,-rpath,/vobs/cc/CCA-perl01/perl5_Linux_x64__________sixtyfive_char_path/plib/lib > > -Wl,-L/vobs/cc/CCA-perl01/perl5_Linux_x64__________sixtyfive_char_path/plib/apache/lib > > -Wl,-rpath,/vobs/cc/CCA-perl01/perl5_Linux_x64__________sixtyfive_char_path/plib/apache/lib > -D ldlibpthname=LD_LIBRARY_PATH -D cccdlflags=-fPIC -D dlsrc=dl_dlopen.xs -D > ccflags=-O2 -D_REENTRANT -D_GNU_SOURCE -DTHREADS_HAVE_PIDS -pthread > -DPERL_IMPLICIT_CONTEXT -DPERL_USE_SAFE_PUTENV -m64 -pipe -D_LARGEFILE_SOURCE > -D_FILE_OFFSET_BITS=64 -fPIC -D so=so -D libswanted=nsl dl m crypt pthread c' > hint=recommended, useposix=true, d_sigaction=define > useithreads=define, usemultiplicity=define > useperlio=define, d_sfio=undef, uselargefiles=define, usesocks=undef > use64bitint=define, use64bitall=define, uselongdouble=undef > usemymalloc=n, bincompat5005=undef > Compiler: > cc='gcc', ccflags ='-D_REENTRANT -D_GNU_SOURCE -O2 -D_REENTRANT > -D_GNU_SOURCE -DTHREADS_HAVE_PIDS -pthread -DPERL_IMPLICIT_CONTEXT > -DPERL_USE_SAFE_PUTENV -m64 -pipe -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 > -fPIC -fno-strict-aliasing -fstack-protector > -I/vobs/cc/CCA-perl01/perl5_Linux_x64__________sixtyfive_char_path/plib/include > > -I/vobs/cc/CCA-perl01/perl5_Linux_x64__________sixtyfive_char_path/plib/apache/include > -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64', > optimize='-O3', > cppflags='-D_REENTRANT -D_GNU_SOURCE -O2 -D_REENTRANT -D_GNU_SOURCE > -DTHREADS_HAVE_PIDS -pthread -DPERL_IMPLICIT_CONTEXT -DPERL_USE_SAFE_PUTENV > -m64 -pipe -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -fPIC > -fno-strict-aliasing -fstack-protector > -I/vobs/cc/CCA-perl01/perl5_Linux_x64__________sixtyfive_char_path/plib/include > > -I/vobs/cc/CCA-perl01/perl5_Linux_x64__________sixtyfive_char_path/plib/apache/include' > ccversion='', gccversion='4.1.2 20070115 (SUSE Linux)', gccosandvers='' > intsize=4, longsize=8, ptrsize=8, doublesize=8, byteorder=12345678 > d_longlong=define, longlongsize=8, d_longdbl=define, longdblsize=16 > ivtype='long', ivsize=8, nvtype='double', nvsize=8, Off_t='off_t', > lseeksize=8 > alignbytes=8, prototype=define > Linker and Libraries: > ld='gcc', ldflags ='-lpthread > -Wl,-L/vobs/cc/CCA-perl01/perl5_Linux_x64__________sixtyfive_char_path/prod/lib/5.18.0/x86_64-linux-thread-multi/CORE > > -Wl,-rpath,/vobs/cc/CCA-perl01/perl5_Linux_x64__________sixtyfive_char_path/prod/lib/5.18.0/x86_64-linux-thread-multi/CORE > > -Wl,-L/vobs/cc/CCA-perl01/perl5_Linux_x64__________sixtyfive_char_path/plib/lib > > -Wl,-rpath,/vobs/cc/CCA-perl01/perl5_Linux_x64__________sixtyfive_char_path/plib/lib > > -Wl,-L/vobs/cc/CCA-perl01/perl5_Linux_x64__________sixtyfive_char_path/plib/apache/lib > > -Wl,-rpath,/vobs/cc/CCA-perl01/perl5_Linux_x64__________sixtyfive_char_path/plib/apache/lib > -Wl,--enable-new-dtags -fstack-protector' > > libpth=/vobs/cc/CCA-perl01/perl5_Linux_x64__________sixtyfive_char_path/plib/lib > > /vobs/cc/CCA-perl01/perl5_Linux_x64__________sixtyfive_char_path/plib/apache/lib > /lib/../lib64 /usr/lib/../lib64 /lib /usr/lib /usr/local/lib /lib64 > /usr/lib64 /usr/local/lib64 > libs=-lnsl -ldl -lm -lcrypt -lpthread -lc > perllibs=-lnsl -ldl -lm -lcrypt -lpthread -lc > libc=/lib/libc-2.4.so, so=so, useshrplib=true, libperl=libcmacperl.so > gnulibc_version='2.4' > Dynamic Linking: > dlsrc=dl_dlopen.xs, dlext=so, d_dlsymun=undef, ccdlflags='-Bdynamic > -Wl,-L/vobs/cc/CCA-perl01/perl5_Linux_x64__________sixtyfive_char_path/prod/lib/5.18.0/x86_64-linux-thread-multi/CORE > > -Wl,-rpath,/vobs/cc/CCA-perl01/perl5_Linux_x64__________sixtyfive_char_path/prod/lib/5.18.0/x86_64-linux-thread-multi/CORE > > -Wl,-L/vobs/cc/CCA-perl01/perl5_Linux_x64__________sixtyfive_char_path/plib/lib > > -Wl,-rpath,/vobs/cc/CCA-perl01/perl5_Linux_x64__________sixtyfive_char_path/plib/lib > > -Wl,-L/vobs/cc/CCA-perl01/perl5_Linux_x64__________sixtyfive_char_path/plib/apache/lib > > -Wl,-rpath,/vobs/cc/CCA-perl01/perl5_Linux_x64__________sixtyfive_char_path/plib/apache/lib' > cccdlflags='-fPIC', lddlflags='-shared -lpthread > -Wl,-L/vobs/cc/CCA-perl01/perl5_Linux_x64__________sixtyfive_char_path/prod/lib/5.18.0/x86_64-linux-thread-multi/CORE > > -Wl,-rpath,/vobs/cc/CCA-perl01/perl5_Linux_x64__________sixtyfive_char_path/prod/lib/5.18.0/x86_64-linux-thread-multi/CORE > > -Wl,-L/vobs/cc/CCA-perl01/perl5_Linux_x64__________sixtyfive_char_path/plib/lib > > -Wl,-rpath,/vobs/cc/CCA-perl01/perl5_Linux_x64__________sixtyfive_char_path/plib/lib > > -Wl,-L/vobs/cc/CCA-perl01/perl5_Linux_x64__________sixtyfive_char_path/plib/apache/lib > > -Wl,-rpath,/vobs/cc/CCA-perl01/perl5_Linux_x64__________sixtyfive_char_path/plib/apache/lib > -Wl,--enable-new-dtags -fstack-protector' > > Locally applied patches: > > > --- > @INC for perl 5.18.0: > > /vobs/cc/CCA-perl01/perl5_Linux_x64__________sixtyfive_char_path/prod/lib/site_perl/5.18.0/x86_64-linux-thread-multi > > /vobs/cc/CCA-perl01/perl5_Linux_x64__________sixtyfive_char_path/prod/lib/site_perl/5.18.0 > > /vobs/cc/CCA-perl01/perl5_Linux_x64__________sixtyfive_char_path/prod/lib/5.18.0/x86_64-linux-thread-multi > > /vobs/cc/CCA-perl01/perl5_Linux_x64__________sixtyfive_char_path/prod/lib/5.18.0 > . > > --- > Environment for perl 5.18.0: > HOME=/home/eedmja > LANG=en_US.UTF-8 > LANGUAGE (unset) > LD_LIBRARY_PATH (unset) > LOGDIR (unset) > > PATH=/tmp/_cc_CCA-perl01/perl5_Linux_x64__________sixtyfive_char_path/prod/bin:/tmp/_cc_CCA-perl01/perl5_Linux_x64__________sixtyfive_char_path/plib/bin:/bin:/usr/bin:/sbin:/usr/sbin:/opt/gnome/bin:/opt/kde3/bin:/usr/bin/X11:/home/eedmja/bin:/opt/rational/clearcase/bin > PERL_BADLANG (unset) > SHELL=/bin/tcsh