
why I will not use ActiveState again

by rjbs (Pilgrim)
on Dec 01, 2006 at 13:35 UTC


in reply to Getting Fed Up with ActiveState

I used to use ActivePerl, but now that there are better alternatives, I will never use them again.

My favorite discovery was pretty recent. They totally replaced File::Path with another implementation that has different bugs and the same version number. I couldn't figure out why there were warnings coming from ExtUtils::Install on Win32 until I found that rmtree was behaving differently on false input.

What! The! Hell!
rjbs


Re: why I will not use ActiveState again
by syphilis (Canon) on Dec 01, 2006 at 13:54 UTC
    They totally replaced File::Path with another implementation that has different bugs and the same version number

    You're quite right - which surprised me. A diff of ActivePerl build 819 and perl 5.8.8 built from CPAN source produced (in part) the following:
    -our $VERSION = "1.08"; # but modified for ActivePerl +our $VERSION = "1.08";
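    Review bot: on the $VERSION line, both sides carry "1.08" and the only trace of the change is the trailing comment "# but modified for ActivePerl", which a caller checking File::Path->VERSION never sees. Suggest giving the modified copy a distinguishable version value, or a documented package variable that downstream code and bug reports can test.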
    I think they should have at least made mention of the modification in the File::Path documentation.

    Cheers,
    Rob
      You'll find the following note in the ActivePerl ChangeLog:
      * File::Path's rmtree() function has been replaced to address security vulnerability CAN-2005-0448.

      We have basically adopted the version from Debian Linux.

      BTW, we also publish this patch file that documents how the current ActivePerl differs from the official 5.8.8.

        Unfortunately, when someone comes to me and says, "Your module produces errors or warnings on my ActivePerl install," it's difficult for me to determine that it's because a core module several layers up the chain is different. I certainly don't want to consult that patch file for every recursively included module. The changed rmtree didn't just address some vulnerability, it introduced at least one new behavior, carping on [] as the first arg to rmtree. With a core that doesn't behave like the perl core, it's harder to support. The changes may be minor, but they're distracting and make debugging take significantly longer where it shouldn't, like in pure Perl modules. As someone who tries to support every platform, I find it very frustrating.
        rjbs
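
An added example, not code from any poster in this thread or from ActiveState: because both implementations report the same $VERSION, this Perl script fingerprints the File::Path that is actually loaded by hashing its source and checking the $VERSION line for the "modified for ActivePerl" comment quoted in the diff above. The helper names are illustrative, and treating that comment as the marker on other builds is an assumption.

```perl
#!/usr/bin/perl
# Added example: fingerprint the File::Path that perl actually loads, since
# $VERSION alone cannot distinguish a vendor-modified copy from the CPAN one.
use strict;
use warnings;
use Digest::SHA ();
use File::Path ();

# Return the $VERSION assignment line(s) from a module's source text, trailing
# comment included, which is where the diff in this thread shows the marker.
sub version_lines {
    my ($source) = @_;
    return grep { /^\s*(?:our\s+)?\$VERSION\s*=/ } split /\n/, $source;
}

# Build a report for one loaded module: path on disk, reported version,
# SHA-256 of the file contents, and whether the vendor marker is present.
sub fingerprint {
    my ($module) = @_;
    (my $key = "$module.pm") =~ s{::}{/}g;    # %INC keys always use '/'
    my $path = $INC{$key} or die "$module is not loaded\n";

    open my $fh, '<', $path or die "cannot read $path: $!\n";
    binmode $fh;                              # hash the bytes as stored
    my $source = do { local $/; <$fh> };
    close $fh;

    my @vlines = version_lines($source);
    return {
        module   => $module,
        path     => $path,
        version  => $module->VERSION,
        sha256   => Digest::SHA::sha256_hex($source),
        vlines   => \@vlines,
        # Assumption: the comment from the quoted diff marks a modified copy.
        modified => scalar(grep { /modified for ActivePerl/i } @vlines),
    };
}

my $fp = fingerprint('File::Path');
printf "%-8s %s\n", $_, $fp->{$_} for qw(module path version sha256);
print "version line: $_\n" for @{ $fp->{vlines} };
print $fp->{modified}
    ? "vendor marker found: not the stock CPAN implementation\n"
    : "no vendor marker on the \$VERSION line\n";
```

Including the path and SHA-256 in a bug report lets a module author compare the digest against a known-good copy instead of reading a distribution-wide patch file.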
Re: why I will not use ActiveState again
by Anonymous Monk on Aug 30, 2007 at 13:07 UTC

    That same change to file-path also causes breakage in the rmtree of files across SMB/CIFS shares. Previous to this patch, there was no issue. Not to mention that the patch applied doesn't exclude Windows from it as a platform.

    I tried the following experiment:

    1. Add a variable: my $Is_Windows = $^O eq 'MSWin32';
    2. Wrap the two race/exploit checks in if (!$Is_Windows).

    The AS patch was sloppy at best, careless at worst. Windows doesn't use GNU Fileutils, as far as I know.

      I posted the above message. New to the perlmonks site, and created the new user in another tab. Sorry.
