in reply to Problems running debugger when in taint mode

What version(s) of perl have you seen this with, and do you have a short program and example perl -d session that reproduces the issue?

Dave.

Re^2: Problems running debugger when in taint mode
by mje (Curate) on Feb 10, 2010 at 10:39 UTC
    $ perl --version
    This is perl, v5.10.0 built for i486-linux-gnu-thread-multi
    $ perl -MTerm::ReadLine -le 'print $Term::ReadLine::VERSION'
    1.03
    $ perl -MLWP::UserAgent -le 'print $LWP::UserAgent::VERSION;'
    5.829

    It is as supplied with Ubuntu Karmic 9.10 except I've installed loads of modules including Term::ReadLine::GNU so I could get readline support in the debugger.

    Your request for a reproducible short example led me to find that it is once I've successfully called LWP::UserAgent's get that things go wrong.

    #!/usr/bin/perl -tw
    use strict;
    use warnings;

    require 5.008008;
    use Config::IniFiles;
    use LWP::UserAgent;

    my $ua = LWP::UserAgent->new;
    $ua->env_proxy;
    my $r = $ua->get('http://www.perlmonks.org');
    # assuming the above works, once you've stepped on it running any debugger
    # command including h for help results in screens full of Insecure dependency
    # warnings and my code after that point does not work the same as when run
    # without the debugger.
    die "Failed to retrieve url, " . $r->status_line . "\n"
        if (!$r->is_success);
    print "hello\n";

    perl -d -t /tmp/d.pl
    Loading DB routines from perl5db.pl version 1.3
    Editor support available.
    Enter h or `h h' for help, or `man perldebug' for more help.
    main::(/tmp/d.pl:5):    require 5.008008;
      DB<1> n
    main::(/tmp/d.pl:9):    my $ua = LWP::UserAgent->new;
      DB<1> n
    main::(/tmp/d.pl:10):   $ua->env_proxy;
      DB<1>
    main::(/tmp/d.pl:11):   my $r = $ua->get('http://www.perlmonks.org');
      DB<1>
    main::(/tmp/d.pl:16):   die "Failed to retrieve url, " . $r->status_line . "\n"
    main::(/tmp/d.pl:17):       if (!$r->is_success);
    Insecure dependency in sprintf while running with -t switch at /usr/share/perl/5.10/overload.pm line 99.
    Insecure dependency in sprintf while running with -t switch at /usr/share/perl/5.10/overload.pm line 99.
    Insecure dependency in open while running with -t switch at /usr/local/lib/perl/5.10.0/Term/ReadLine/Gnu.pm line 620.
     at /usr/local/lib/perl/5.10.0/Term/ReadLine/Gnu.pm line 620
        Term::ReadLine::Gnu::Var::FETCH('Term::ReadLine::Gnu::Var=SCALAR(0x8e78258)') called at /usr/local/lib/perl/5.10.0/Term/ReadLine/Gnu.pm line 298
        Term::ReadLine::Gnu::readline('Term::ReadLine=HASH(0x8df56b8)', ' DB<1> ') called at /usr/share/perl/5.10/perl5db.pl line 6414
        DB::readline(' DB<1> ') called at /usr/share/perl/5.10/perl5db.pl line 2227
        DB::DB called at /tmp/d.pl line 16
    Insecure dependency in sprintf while running with -t switch at /usr/share/perl/5.10/overload.pm line 99.
    Insecure dependency in sprintf while running with -t switch at /usr/share/perl/5.10/overload.pm line 99.
    Insecure dependency in sprintf while running with -t switch at /usr/share/perl/5.10/overload.pm line 99.
    Insecure dependency in open while running with -t switch at /usr/local/lib/perl/5.10.0/Term/ReadLine/Gnu.pm line 656.
     at /usr/local/lib/perl/5.10.0/Term/ReadLine/Gnu.pm line 656
        Term::ReadLine::Gnu::Var::STORE('Term::ReadLine::Gnu::Var=SCALAR(0x8e78258)', 'Term::ReadLine::Gnu::Var=GLOB(0x8ef1638)') called at /usr/local/lib/perl/5.10.0/Term/ReadLine/Gnu.pm line 298
        Term::ReadLine::Gnu::readline('Term::ReadLine=HASH(0x8df56b8)', ' DB<1> ') called at /usr/share/perl/5.10/perl5db.pl line 6414
        DB::readline(' DB<1> ') called at /usr/share/perl/5.10/perl5db.pl line 2227
        DB::DB called at /tmp/d.pl line 16

    At this point simply typing h results in screens of dependency output and then funny things happen like break points stop working etc - as described originally.

      I can reproduce it here on my stock Fedora perl, although I get an additional $ENV{PATH} warning during startup from this line in Term::Cap:
      my $tmp = `infocmp -C 2>/dev/null`;
      which is not unreasonable, but I *don't* get that error under -T.

      This may be related to perl bug #72330, which I intend to look at further after 5.12 is released.

      Dave.

        My issues certainly seem to have some similarities with #72330. Incidentally, when running with -T it (my small example) stops immediately for me with:

        Insecure dependency in open while running with -T switch at /usr/local/lib/perl/5.10.0/Term/ReadLine/Gnu.pm line 620.
        END failed--call queue aborted.
         at /tmp/d.pl line 0
        Config::DESTROY(/usr/lib/perl/5.10/Config.pm:62):
        62:     sub DESTROY { }
        IO::Handle::DESTROY(/usr/lib/perl/5.10/IO/Handle.pm:76):
        76:     sub DESTROY {}
        IO::Handle::DESTROY(/usr/lib/perl/5.10/IO/Handle.pm:76):
        76:     sub DESTROY {}

        but if I add PERLDB_OPTS="ReadLine=0" and change to -T instead of -t it works fine. Disabling ReadLine gets me further in my actual code also although it inevitably stops sooner than I'd like as some real tainted data is in use which escapes with -t.

        I am thinking of trying HTTP::Lite instead as it does appear LWP::UserAgent is the start of my problems here and I hear HTTP::Lite is faster and I'm only doing simple gets.

        Thanks for pointing out #72330, I'll keep an eye on it and if you want to come back to me when there is a fix - fine.
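
An added example, not part of the thread or of any poster's code: a small diagnostic for the situation described above, where data that only warns under -t would be fatal under -T. It reports which taint mode is active and which values are still tainted, so they can be untainted before switching switches. The helper names and the allow-list pattern are hypothetical, and the tainted sample value is constructed.

```perl
#!/usr/bin/perl
# Run as: perl -t taintcheck.pl   or   perl -T taintcheck.pl
use strict;
use warnings;
use Scalar::Util qw(tainted);

# ${^TAINT} is 1 under -T, -1 under -t (warnings only), 0 with taint checks off.
sub taint_mode {
    return ${^TAINT} > 0 ? '-T (fatal)'
         : ${^TAINT} < 0 ? '-t (warnings only)'
         :                 'off';
}

# Return the names of the supplied values that are still tainted.
sub report_tainted {
    my (%values) = @_;
    return grep { tainted($values{$_}) } sort keys %values;
}

# Untaint by capturing from a strict allow-list pattern (hypothetical policy);
# a regex capture is untainted, and a mismatch returns undef.
sub untaint_hostname {
    my ($raw) = @_;
    return $raw =~ /\A([A-Za-z0-9.-]{1,253})\z/ ? $1 : undef;
}

# Constructed sample: appending a zero-length tainted string taints the literal,
# standing in for data read from the environment, a file or the network.
my $tainted_empty = substr("$0$^X", 0, 0);
my $raw_host      = 'www.perlmonks.org' . $tainted_empty;
my $host          = untaint_hostname($raw_host);

my @still = report_tainted(raw_host => $raw_host, host => $host);

printf "taint mode:    %s\n", taint_mode();
printf "still tainted: %s\n", @still ? join(', ', @still) : 'none';
```

Any name listed under "still tainted" when run with -t is a value that would abort the program with an "Insecure dependency" error under -T if it reached an open, exec or similar call.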