Beefy Boxes and Bandwidth Generously Provided by pair Networks
Perl: the Markov chain saw
 
PerlMonks  

Cryptic failure of perldb under -T

by tlm (Prior)
on Jan 25, 2010 at 22:29 UTC ( #819601=perlquestion: print w/ replies, xml ) Need Help??
tlm has asked for the wisdom of the Perl Monks concerning the following question:

Greetings, monks.

I just spent about an hour figuring out some very puzzling Perl behavior, and I thought I'd post what I found so Google may find it if anyone needs it. (As you'll see, this is not a bug, so a bug report is not in order. It's just bewildering on a first encounter.)

(The description that follows assumes a Unix environment; I can't say how applicable any of it is to Windows.)

If I run

% /usr/bin/perl -de 1
...the Perl debugger starts up as usual, no problem.

If I add the -T flag (thus enabling taint mode), the debugger fails to start:

% /usr/bin/perl -Tde 1 Attempt to reload Carp/Heavy.pm aborted. Compilation failed in require at /usr/share/perl/5.10/Carp.pm line 33. Attempt to reload Carp/Heavy.pm aborted. Compilation failed in require at /usr/share/perl/5.10/Carp.pm line 33.

(Of course, here I'm running perl -Tde 1 only as an illustration. In practice one would run more interesting code under -Td.)

I'll spare you the description of all the trials I went through to finally fix this. I'll just cut to the chase and reveal that the culprit is the debugger configuration file ~/.perldb. Even an empty ~/.perldb file is enough to scuttle a run of perl -Td.

Curiously enough, having a ./.perldb file in your current directory is enough to bypass the exception. I think the reason for this is that a ./.perldb masks ~/.perldb, and furthermore, perl does not need to consult the value the environment variable $HOME to determine its location. So, in fact, the real reason for the error seems to be the reading in of a file accessed via a tainted path. By the same token, running perl -Td in your $HOME directory also bypasses the problem, because then ~/.perldb is accessed as if it where any other "local" ~/.perldb file.

In retrospect, it all makes sense, but still, it's unfortunate that the error message that ultimately gets emitted has so little to do with the actual cause of the error.

The take-home message is that the perl debugger runs uneasily under taint mode, and may fail in cryptic ways because of this. In particular, anything that involves %ENV at startup is a potential source of trouble.

Cheers,

the lowliest monk

Comment on Cryptic failure of perldb under -T
Select or Download Code
Re: Cryptic failure of perldb under -T
by SilasTheMonk (Chaplain) on Jan 25, 2010 at 22:39 UTC
    I also have found debugging under taint mode frustratingly unstable. However I think it has never failed on startup. Usually it either fails when I press the delete key, or when I try to autocomplete a subroutine name. I never learn from these experiences except to the extent that I turn off taint mode when debugging.
Re: Cryptic failure of perldb under -T
by ikegami (Pope) on Jan 25, 2010 at 22:49 UTC

    The cause of the error is specified more precisely in v5.11.4-24-g1549364*, yet the location is even more hidden:

    $ ./perl -Ilib -Tde 1 Insecure dependency in require while running with -T switch at lib/per +l5db.pl line 1417. Compilation failed in require. at -e line 0 main::BEGIN() called at lib/perl5db.pl line 0 eval {...} called at lib/perl5db.pl line 0 BEGIN failed--compilation aborted. at -e line 0 Debugged program terminated. Use q to quit or R to restart, use o inhibit_exit to avoid stopping after program termination, h q, h R or h o to get additional info. DB<1> q

    Is the problem that Carp isn't taint safe? That's not good. How about you submit a bug report?

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: perlquestion [id://819601]
Approved by SilasTheMonk
Front-paged by planetscape
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others chanting in the Monastery: (5)
As of 2014-12-20 03:29 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    Is guessing a good strategy for surviving in the IT business?





    Results (95 votes), past polls