perl-modperl mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From <Alexander.Far...@nokia.com>
Subject RE: Insecure $ENV{PATH} while running with -T at Mail/Mailer/sendmail.pm
Date Fri, 30 Apr 2004 17:29:58 GMT
Hi Stas,

sorry for not replying - too much pressure at work and 
I have to finish my mod_perl-script (a Continuus trigger) 
tonight. I don't have time to install Apache::Reload, 
but I've tried  to create a test case for you - running:

package Testcase;

BEGIN {
        delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};
        $ENV{PATH} = '/bin:/usr/bin:/usr/lib';
}

use Apache;
use Apache::Constants qw(OK);
use Mail::Mailer qw(sendmail);
use strict;

sub handler
{
    my $r = shift;
    $r->send_http_header('text/plain');

        #$ENV{PATH} = '/bin:/usr/bin:/usr/lib';
        my $sendmail = Mail::Mailer->new();
        unless ($sendmail->open({From    => 'Alexander.Farber@Nokia.com',
                                 To      => 'stas@stason.org',
                                 Subject => 'Test case',
                                })) {
            print "Can not send mail: $!\n";
            $r->log_error("Can not send mail: $!");
            return OK;
        }
        print $sendmail "Test case\n";
        $sendmail->close();

        #open my $MAILX, "|/usr/bin/mailx -r afarber -s 'Test case' afarber"
                #or die "Can not open pipe to /usr/bin/mailx: $!\n";
        #print $MAILX "Test case\n";
        #close $MAILX or die "Can not close pipe to /usr/bin/mailx: $!\n";

    return OK;
}

1;


gives me the error:


[Fri Apr 30 19:21:22 2004] [notice] SIGHUP received.  Attempting to restart
[Fri Apr 30 19:21:23 2004] [notice] Apache/1.3.27 (Unix) mod_perl/1.27 configured -- resuming
normal operations
[Fri Apr 30 19:21:23 2004] [notice] Accept mutex: fcntl (Default: fcntl)
....
[Fri Apr 30 19:23:14 2004] [error] Insecure $ENV{PATH} while running with -T switch at /nokia/apps/tww/@sys/perl580p/lib/5.8.0/Mail/Mailer/sendmail.pm
line 16.


Yes, I'm using Apache::StatINC:


 PerlModule Apache::StatINC
 PerlModule Testcase
 <Location /testcase>
  SetHandler perl-script
  PerlHandler Testcase
  PerlInitHandler Apache::StatINC
  PerlSetVar StatINCDebug On
 </Location>


I believe it's not Mail::Mailer's problem, as I tried opening 
a pipe to mailx (see the code above) and have got the same error:


Apache::StatINC: process 421 reloading Taskit.pm.
[Fri Apr 30 19:26:27 2004] [error] Insecure $ENV{PATH} while running with -T switch at /appl/continuus/ccm-5.1-SunOS/gscm/lib/Testcase.pm
line xx.


I've workarounded my problem by moving the line 

        $ENV{PATH} = '/bin:/usr/bin:/usr/lib';

from the BEGIN block into the handler sub, right before I call

        my $sendmail = Mail::Mailer->new();
        $sendmail->open(....);

So it looks to me, that it's a problem of mod_perl 
or maybe of the Apache::StatINC

Regards
Alex

> -----Original Message-----
> From: ext Stas Bekman [mailto:stas@stason.org]
> 
> Alexander.Farber@nokia.com wrote:
> > 
> > I've forgotten to mention it, but I have already tried
> > 
> > BEGIN {
> >         delete @ENV{qw(PATH IFS CDPATH ENV BASH_ENV)};
> >         $ENV{PATH} = '/bin:/usr/bin';
> > }
> 
> Alex, please show me a complete minimal test case. You might 
> be able to reproduce it by dropping the whole Mail::Mailer and just 
> using a line similar to where it fails: exec( $exe, '-t', @$args );
> e.g. exec ("/bin/echo", "hi"); 
> I believe. If it doesn't work, use Mail::Mailer but give me a complete 
> (minimal) module which still fails. Otherwise it's hard to 
> reproduce it, since 
> you only show part of it.
> 
> Also does the problem go away when you don't use the 
> reloader? It's been ages since I last used StatINC, why does it print:
> 
>    Apache::StatINC: process 4933 reloading Taskit.pm.
> 
> did you enable the debug mode or something. Does it happen 
> during the reload or after it was reloaded. I suppose it was after it was 
> reloaded. could it be that Mail::Mailer redefines $ENV{PATH} in its code? check 
> what's the value that you get before you call the code that fails.

-- 
Report problems: http://perl.apache.org/bugs/
Mail list info: http://perl.apache.org/maillist/modperl.html
List etiquette: http://perl.apache.org/maillist/email-etiquette.html


Mime
View raw message