Return-Path: X-Original-To: apmail-perl-modperl-archive@www.apache.org Delivered-To: apmail-perl-modperl-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 9890E7901 for ; Tue, 4 Oct 2011 08:44:14 +0000 (UTC) Received: (qmail 50243 invoked by uid 500); 4 Oct 2011 08:44:13 -0000 Delivered-To: apmail-perl-modperl-archive@perl.apache.org Received: (qmail 50173 invoked by uid 500); 4 Oct 2011 08:44:12 -0000 Mailing-List: contact modperl-help@perl.apache.org; run by ezmlm Precedence: bulk list-help: list-unsubscribe: List-Post: List-Id: Delivered-To: mailing list modperl@perl.apache.org Received: (qmail 50166 invoked by uid 99); 4 Oct 2011 08:44:12 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 04 Oct 2011 08:44:12 +0000 X-ASF-Spam-Status: No, hits=0.7 required=5.0 tests=SPF_NEUTRAL X-Spam-Check-By: apache.org Received-SPF: neutral (nike.apache.org: local policy) Received: from [46.249.73.16] (HELO nose.ktnx.net) (46.249.73.16) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 04 Oct 2011 08:44:05 +0000 Received: from dam by nose.ktnx.net with local (Exim 4.72) (envelope-from ) id 1RB0bI-0005js-3i for modperl@perl.apache.org; Tue, 04 Oct 2011 11:43:44 +0300 Date: Tue, 4 Oct 2011 11:43:44 +0300 From: Damyan Ivanov To: modperl@perl.apache.org Subject: PerlOptions -Sections not permitted in server config Message-ID: <20111004084343.GA21290@ktnx.net> Mail-Followup-To: Damyan Ivanov , modperl@perl.apache.org MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.5.20 (2009-06-14) X-Virus-Checked: Checked by ClamAV on apache.org The following bug report arrived at Debian bugtracker (http://bugs.debian.org/644169). Since I am able to reproduce it with 2.0.5, I am forwarding it here for advice: (note that I have omitted some parts, as well as the output of mp2bug. See the above URL for the full details if needed) =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= I'm unable to disable sections, as described here: http://perl.apache.org/docs/2.0/user/config/config.html#C_Perl_Handler_ So, according to the documentation, I should be able to simply place the following in the server configuration. PerlOption -Sections When the option is placed in the server configuration, the following error message is printed to screen when using apache2ctl configtest: Syntax error on line 10 of /etc/apache2/conf.d/all_vhosts: Invalid per-server PerlOption: Sections Action 'configtest' failed. The Apache error log may have more information. The apache error log does not have any information. This option is not allowed in per-directory configurations, and if I try to do so, Apache provides the following error message (IP address and path mangled): [Mon Oct 03 16:11:28 2011] [alert] [client aaa.bbb.ccc.ddd] /home/dir/.htaccess: Invalid per-directory PerlOption: Sections (only allowed per-server) For my use, this bug is a security problem, as it makes it impossible to include mod_perl code to manage the Apache API in server configurations without permitting users to run Perl code in the same server, unless you also disable per-user configuration in .htaccess, which breaks other useful functionality. =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= To reproduce the bug, add "PerlOptions -Sections"' to the global configuration or to any container. Thanks for any hints!