[MP2 - BUG ?] Issue handing Apache config. error messages

2003-07-09 Thread Sreeji K Das 
Following demonstrates the problem:
$ cat /tmp/test.conf 
Perl 
@Include = /tmp/test1.conf;
/Perl

Listen 43499

$ cat /tmp/test1.conf 
Perl 
$Port = 42480;
/Perl

$ httpd -X -f /tmp/test.conf
Syntax error on line 7 of /tmp/test.conf:
Use of uninitialized value in subroutine entry at
/tmp/CVS/virgin/modperl-2.0/blib/lib/Apache2/Apache/PerlSection.pm
line 171.
-
I've confirmed that ap_walk_config() in
modperl_config_insert() indeed returns a valid error
message and this gets propogated to post_config() in
PerlSection.pm  a dir $errmsg happens. I guess this
has something to do with the double eval() happening.
ie. one for Include, and then recursively for Port.

I'll debug it further; but it'd be nice if some1
already knows the issue and has a solution !

thx
Sreeji


Want to chat instantly with your online friends?  Get the FREE Yahoo!
Messenger http://uk.messenger.yahoo.com/

--help

2003-07-09 Thread Alexander Prihodko 
--help

Re: --help

2003-07-09 Thread Chris Devers 
On Wed, 9 Jul 2003, Alexander Prihodko wrote:

 --help

Usage:  [EMAIL PROTECTED] [-s topic] PROBLEM [DETAILS]
Describe a PROBLEM, giving DETAILS, so that the members of
the list can try to assist you.

Example:
Date: Wed, 01 Jan 1970 00:00:00 +
From: D Ritchie [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: won't build on new lab system

Your ^*$*$ software won't compile on this PDP-11. I keep
getting the error cowardly refusing to create an empty
archive. What is *that* supposed to mean?

Here's the full error dump: snipped

And here's the software  hardware I'm running: snipped

Options:
  -p --post: [EMAIL PROTECTED]
  -S --subscribe   : [EMAIL PROTECTED]
  -u --unsubscribe : [EMAIL PROTECTED]
  -h --help: [EMAIL PROTECTED]


Please, try again :)



-- 
Chris Devers [EMAIL PROTECTED]
http://devers.homeip.net:8080/

reusability, n.
A marketing priority overriding that of usability.
See also OBJECT ORIENTEETING.

-- from _The Computer Contradictionary_, Stan Kelly-Bootle, 1995

untainting PATH in mod_perl

2003-07-09 Thread Peter Ensch 
perlsec says that to untaint the PATH env one should
do: 
  $ENV{'PATH'} = '/bin:/usr/bin';
  delete @ENV{'IFS', 'CDPATH', 'ENV', 'BASH_ENV'};

In plain CGI, I normally do this inside a BEGIN 
block; in mod_perl however, this doesn't work. A
print of $ENV{PATH} returns the original tainted
PATH.

In my script I'm doing something like
 foreach(`/bin/ls $path`) {
   do something 
 }

$path is already untainted but I'm still getting 
an 'Insecure $ENV{PATH}' error. What am I missing 
here?

Thanks,
P

-- 

^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^
Peter Ensch,
[EMAIL PROTECTED]   A-1140   (214) 480 2333
^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^

Re: untainting PATH in mod_perl

2003-07-09 Thread Dominique Quatravaux 
 In plain CGI, I normally do this inside a BEGIN 
 block; in mod_perl however, this doesn't work.

This would work if this was done in a Perl section of the httpd.conf
file (this is what I do). I am not sure why the BEGIN block is not
executed, but my guess is that the environment gets automatically
restored at the end of every script run under Apache::Registry,
including the tainted PATH.

-- 
Dominique QUATRAVAUX   Ingénieur senior
01 44 42 00 08 IDEALX

Apache 2.1 Authentication Providers in Perl

2003-07-09 Thread Geoffrey Young 
hi all...

  buried within perl.com this week is my latest article

http://www.perl.com/pub/a/2003/07/08/mod_perl.html

which covers how to use Apache 2.1 authentication from Perl.  one of 
the biggest benefits of Apache 2.1 auth over Apache 2.0 (or even 1.3) 
is the ease at which it opens up Digest auth, so if that is of 
interest to you then you really should check out the 2.1 Apache branch.

the Apache::AuthenHook module the article discusses is on CPAN

http://search.cpan.org/author/GEOFF/Apache-AuthenHook-2.00_01/

enjoy.

--Geoff

mod_perl 1.0 and 2.0

2003-07-09 Thread Jamie Krasnoo 








Hi all,



Im currently working on a personal project to get
myself back in mod_perl programming order. However Im
more used to using mod_perl 1.0 with Apache 1.3.x. Im
going through the documentation for mod_perl 2.0 but
Im worried that most of the modules I need wont work with mod_perl 2.0. Ive been looking for what modules will
and will not work with 2.0 (like Apache::DBI for
pooling connections with MySQL). Would it be a better
benefit to me to switch over to 2.0?



Thanks,



Jamie

Re: untainting PATH in mod_perl

2003-07-09 Thread Peter B. Ensch 
On Wed, Jul 09, 2003 at 05:40:32PM +0200, Dominique Quatravaux wrote:
  In plain CGI, I normally do this inside a BEGIN 
  block; in mod_perl however, this doesn't work.
 
 This would work if this was done in a Perl section of the httpd.conf
 file (this is what I do). I am not sure why the BEGIN block is not
 executed, but my guess is that the environment gets automatically
 restored at the end of every script run under Apache::Registry,
 including the tainted PATH.
 

I need some help with this. Can you share the code you use w/in
your Perl section?

I'm pretty confused because I was able to untaint my PATH var.
by putting 

$ENV{PATH} = '/bin';

in the ***same scope*** where I was getting the error. For example

$ENV{PATH} = '/bin';
my @files = `/bin/ls $path`; # $path is already untainted

was OK; leave out the $ENV line and I get an Insecure $ENV{PATH}
error. 

This works (don't know why) but I would prefer to fix the PATH
in one place rather than having to do so everywhere I shell out
or use backticks.

Thanks,
P


-- 
^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^
Peter B. Ensch ([EMAIL PROTECTED]) 
   
Linux 2.4.20-4GB 8:21pm Up 18 days 2:55
^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^

Re: mod_perl 1.0 and 2.0

2003-07-09 Thread Sreeji K Das 
I think it should be based on your specific
requirements. If you want to setup a production box
and does not have much time in hand to troubleshoot,
then you must go for mod_perl 1.x/Apache-1.x latest
stable versions. 

However, if you have time in hand  want to learn a
bit about Apache/mod_perl, then 2.x would be better.
For any slightly large project, you're likely to face
problems  it's fun to debug as you'd get to know the
code better. I'd also think mod_perl 1.x series may be
discontinued after a while, as 2.x gets to be used
widely (however, it may be a while).

I have been trying to move a large application from
mod_perl 1.x to 2.x. There had been many hiccups now 
then and I had to install latest of version of all
components in my tech stack (perl 5.8.0, latest
CGI/DBI/DBD ...etc.) and had to tweak my
configurations. I found few issues in the process and
I've reported them here. From my experience, it's a
bit long journey, but quite interesting. 

Sreeji

 --- Jamie Krasnoo [EMAIL PROTECTED] wrote:  Hi
all,
  
 I'm currently working on a personal project to get
 myself back in
 mod_perl programming order. However I'm more used to
 using mod_perl 1.0
 with Apache 1.3.x. I'm going through the
 documentation for mod_perl 2.0
 but I'm worried that most of the modules I need
 won't work with mod_perl
 2.0. I've been looking for what modules will and
 will not work with 2.0
 (like Apache::DBI for pooling connections with
 MySQL). Would it be a
 better benefit to me to switch over to 2.0?
  
 Thanks,
  
 Jamie
  


Want to chat instantly with your online friends?  Get the FREE Yahoo!
Messenger http://uk.messenger.yahoo.com/