
Cryptic failure of perldb under -T

by tlm (Prior)
on Jan 25, 2010 at 22:29 UTC
tlm has asked for the wisdom of the Perl Monks concerning the following question:

Greetings, monks.

I just spent about an hour figuring out some very puzzling Perl behavior, and I thought I'd post what I found so Google may find it if anyone needs it. (As you'll see, this is not a bug, so a bug report is not in order. It's just bewildering on a first encounter.)

(The description that follows assumes a Unix environment; I can't say how applicable any of it is to Windows.)

If I run

% /usr/bin/perl -de 1
...the Perl debugger starts up as usual, no problem.

If I add the -T flag (thus enabling taint mode), the debugger fails to start:

% /usr/bin/perl -Tde 1
Attempt to reload Carp/ aborted.
Compilation failed in require at /usr/share/perl/5.10/ line 33.
Attempt to reload Carp/ aborted.
Compilation failed in require at /usr/share/perl/5.10/ line 33.

(Of course, here I'm running perl -Tde 1 only as an illustration. In practice one would run more interesting code under -Td.)

I'll spare you the description of all the trials I went through to finally fix this. I'll just cut to the chase and reveal that the culprit is the debugger configuration file ~/.perldb. Even an empty ~/.perldb file is enough to scuttle a run of perl -Td.

Curiously enough, having a ./.perldb file in your current directory is enough to bypass the exception. I think the reason for this is that a ./.perldb masks ~/.perldb, and furthermore, perl does not need to consult the value of the environment variable $HOME to determine its location. So, in fact, the real reason for the error seems to be the reading in of a file accessed via a tainted path. By the same token, running perl -Td in your $HOME directory also bypasses the problem, because then ~/.perldb is accessed as if it were any other "local" ~/.perldb file.

In retrospect, it all makes sense, but still, it's unfortunate that the error message that ultimately gets emitted has so little to do with the actual cause of the error.

The take-home message is that the perl debugger runs uneasily under taint mode, and may fail in cryptic ways because of this. In particular, anything that involves %ENV at startup is a potential source of trouble.


the lowliest monk
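The taint behaviour this post describes, as an added Perl sketch that is not part of the original thread and is not code from perl5db.pl. It assumes an rc file is loaded with `do FILE`; the file name `.perldb-taint-demo`, the helper `try_load` and the validation pattern are made up for the illustration.

```perl
# Added illustration, not from the thread. Run it as: perl -T taint_rc.pl
use strict;
use warnings;
use Scalar::Util qw(tainted);

die "run with: perl -T $0\n" unless ${^TAINT};
defined $ENV{HOME} or die "HOME is not set\n";

# Constructed file name, chosen so the demo never executes a real ~/.perldb.
my $name = '.perldb-taint-demo';

# Try to load $path with do FILE and report whether the taint check let it through.
sub try_load {
    my ($label, $path) = @_;
    my $state  = tainted($path) ? 'tainted' : 'clean';
    my $ok     = eval { do $path; 1 };
    my $result = $ok ? 'taint check passed' : "died: $@";
    $result =~ s/\s+\z//;
    printf "%-12s %-8s %s\n", $label, $state, $result;
    return $ok ? 1 : 0;
}

# 1. Path built from %ENV: tainted, so do FILE is refused with an
#    "Insecure dependency" exception.
my $home_rc = "$ENV{HOME}/$name";
try_load('from $HOME', $home_rc);

# 2. Literal relative path: nothing tainted went into it.
try_load('literal ./', "./$name");

# 3. The same $HOME path after validation: a regex capture yields a clean copy.
if ($home_rc =~ m{\A(/[\w./+-]+)\z}) {
    try_load('validated', $1);
}
else {
    print "validated    -        HOME contains unexpected characters\n";
}
```

In cases 2 and 3 the file does not exist, so `do` simply returns undef; the point is that only the `%ENV`-derived path is stopped by the taint check.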

Replies are listed 'Best First'.
Re: Cryptic failure of perldb under -T
by ikegami (Pope) on Jan 25, 2010 at 22:49 UTC

    The cause of the error is specified more precisely in v5.11.4-24-g1549364*, yet the location is even more hidden:

    $ ./perl -Ilib -Tde 1
    Insecure dependency in require while running with -T switch at lib/per line 1417.
    Compilation failed in require.
     at -e line 0
        main::BEGIN() called at lib/ line 0
        eval {...} called at lib/ line 0
    BEGIN failed--compilation aborted.
     at -e line 0
    Debugged program terminated. Use q to quit or R to restart,
    use o inhibit_exit to avoid stopping after program termination,
    h q, h R or h o to get additional info.
    DB<1> q

    Is the problem that Carp isn't taint safe? That's not good. How about you submit a bug report?

Re: Cryptic failure of perldb under -T
by SilasTheMonk (Chaplain) on Jan 25, 2010 at 22:39 UTC
    I also have found debugging under taint mode frustratingly unstable. However, I think it has never failed on startup. Usually it either fails when I press the delete key, or when I try to autocomplete a subroutine name. I never learn from these experiences except to the extent that I turn off taint mode when debugging.
