Skip to content

Conversation

@ribasushi
Copy link
Contributor

NOTE - this is a workaround for the current version of base.pm in blead. I do not endorse, agree or condone the original changeset from 362f3f7 / bca5527 / 8901dde. Simply popping '.' is shortsighted and wrong

With that said - the current implementation has a pretty serious regression, hence this PR as an attempt at damage control. The original local()-based implementation would mask away any @INC
manipulation within a require()d chain.

@xsawyerx PLEASE do not ship the maint-perls without implementing this or a similar fix.

@haarg, @kentfredric, @ap, @Leont, @karenetheridge : I wrote this in the past hour literally in a moving vehicle, with a mild headache. Please scrutinize the changeset. I would be very surprised if it doesn't contain problems.

The original local()-based implementation would mask away any @inc
manipulation within a require()d chain. *PLEASE* do not ship the
maint-perls without implementing this or a similar fix.
@ribasushi
Copy link
Contributor Author

Similar changes ( local() => stateful scope guard ) may be necessary in other parts of dist/: I have not investigated.

@MartinMcGrath
Copy link
Contributor

This is a read only mirror, see http://perldoc.perl.org/perlhack.html

@kentfredric
Copy link
Contributor

Just to confirm my reading is correct:

Basically, you're removing the trailing '.', and then only putting it back at scope exit, and then, only if @inc[-1] is in the same state as it was before hand.

The idea being if somebody unshifts @inc, 'thing', that suppresses adding a '.' as well.

But I don't understand exactly why this solution is different/better than the existing one.

@kentfredric
Copy link
Contributor

Ah, right, because with just a naive local, any manipulations made during the use of children modules is lost. So you're trying to preserve that.

@kentfredric
Copy link
Contributor

its just this logic I don't quite get:

 if ($INC[-1] eq '.') {
              pop @INC;
my $localized_tail = $INC[-1];
...
push @INC, '.'   if $localized_tail eq $INC[-1]||'';

If somebody modifies @inc via unshift inside base loading, wont that break . restoration?

@ap
Copy link
Contributor

ap commented Aug 12, 2016

The idea being if somebody unshift @INC, 'thing', that suppresses adding a '.' as well.

But it won’t, because the code checks whether $INC[-1] is the same before and after. That will be true of just about any modification of @INC other than push @INC, $whatever.

Off the cuff I’m not sure that that condition makes sense. Otherwise the approach looks good.

@ap
Copy link
Contributor

ap commented Aug 12, 2016

Possibly it should be push @INC, '.' unless '.' eq $INC[-1]||''?

@ap
Copy link
Contributor

ap commented Aug 12, 2016

Shed-painting notes: I’d prefer to write this with a non-generic scope guard. Also, since it’s just the DESTROY you care about, you don’t need the PAUSE hiding hack. That makes the total patch much simpler (untested, written in the comment box):

@@ -6,6 +6,13 @@ use vars qw($VERSION);
 $VERSION = '2.24';
 $VERSION =~ tr/_//d;

+sub base::__scope_guard::DESTROY { push @INC, '.' if ${$_[0]} eq $INC[-1]||'' }
+
 # constant.pm is slow
 sub SUCCESS () { 1 }

@@ -91,14 +98,22 @@ sub import {

         next if grep $_->isa($base), ($inheritor, @bases);

-        # Following blocks help isolate $SIG{__DIE__} changes
+        # Following blocks help isolate $SIG{__DIE__} and @INC changes
         {
             my $sigdie;
            {
                 local $SIG{__DIE__};
                 my $fn = _module_to_filename($base);
-                local @INC = @INC;
                 pop @INC if my $dotty = $INC[-1] eq '.';
+                $dotty &&= bless \$INC[-1], 'base::__scope_guard';

(If the carefully-conditional push doesn’t make sense, it can just bless \$dotty.)

@xsawyerx
Copy link
Member

@ribasushi This is not an official mirror of Perl and the organization is not owned or used by p5p. It is equivalent to a fork someone has made. While it can serve a good place for you to hold a public fork and a visible patch, it is not the appropriate place to have p5p discuss it and review it for merge.

I have linked several people to it who have worked or reviewed CVE-2016-1238 so they could assess it, but if you want this discussed properly, I urge you to send it to p5p mailing list or to rt.perl.org.

@ribasushi
Copy link
Contributor Author

ribasushi commented Aug 13, 2016

That will be true of just about any modification of @INC other than push @INC, $whatever. Off the cuff I’m not sure that that condition makes sense.

@ap this would preserve someones intent of "I want this coderef to be the last-most thing in @INC". I don't know why someone would want to do that, but breaking that use case (that I test for) seems... suboptimal. Hence why the much more careful dance.

No objection on the rest of the stylistic changes.

@ribasushi
Copy link
Contributor Author

@xsawyerx I am sorry, given the current climate on #p5p / perl5-porters I can't possibly seriously discuss any technical issues in these venues.

If any of the participants of this thread believes the raised concerns are important enough - feel free to move further discussion (as if any is needed) to an approved venue. Alternatively if the patch dies because a specific bureaucratic dance wasn't followed - it is what it is.

@xsawyerx
Copy link
Member

@ribasushi I don't know what "climate" you are referring to, and the only one I can imagine is when I warned you about being offensive towards others. I still stand by that. I've reached out to you in multiple ways to understand if this is about something else and to resolve it, but so far it resulted in /dev/null.

This current situation boils down to you having a reasonable and useful patch for a core module that affects many users. We need to be able to discuss it with a larger group, so any suggested changes or questions about it can be addressed. This forum does not provide one and you refuse to use the existing forum. It's a shame. Instead, we now need to open a ticket with your patch, discuss it, and go back and forth with this ticket on any questions or comments.

@kentfredric
Copy link
Contributor

Can we not have a meta-conversation on this thread? That typically doesn't go anywhere. Because you're going to be opinion swapping at this rate and its all downhill from there.

Stick with the immediate bug and take politics somewhere else.

@kentfredric
Copy link
Contributor

I've manually relayed this myself to perl5porters to ensure it gets more eyes before we're stuck with the maint-release that's due in 3 days.

@ribasushi
Copy link
Contributor Author

@xsawyerx relaying where I left things last week on (yet another) closed list:

( wrt the implementation being questionable )
<ribasushi> I generally agree (and wrote as much from the start) that my *implementation* is shitty
<ribasushi> however nobody opined whether the two *tests* are right
<ribasushi> ( I started with tests, and losing `push @INC` support over the .-non-issue seemed wrong, hence why a tentative implementation ot get the test pass )
<ribasushi> so back to basics: are the tests sane

There has been no discussion of this since that I am aware of

@xsawyerx
Copy link
Member

@ribasushi We have run the same tests against your code and we don't see any breakage coming from it. Another suggestion, coming from @toddr, is to leave base.pm unchanged and document the possible risk (which is otherwise stated officially anyway).

I would be happy to have your opinion on this.

@xsawyerx
Copy link
Member

I would be happy to add more information about the possible risks, but I cannot do this publicly because it isn't disclosed yet. If you cannot do this privately, I won't be able to share it with you. :/

@kentfredric
Copy link
Contributor

kentfredric commented Aug 24, 2016

If the option is to leave base.pm untouched and ship it idendical to how it was in the last stable releases ( ie: completely preserving . in @INC ) then I'm in favour.

"There's still a potential trap here" is not great, but if we can't be sure we're not breaking code, then we shouldn't be doing it, least of all in a stable point-release.

At least, if we leave it as-is there's still a possible future where we can route around it, if we decide to.

Its only by prematurely committing to this that we cut ourselves off ( because we'll be dealing with the consequences of that mistake for the next 5 years at least )

I mean, in a sense, fencing @INC in base.pm is like fencing @INC in global require.

Because making every require Foo imply require Foo except without . in inc
is the same problem as making every use base Foo imply require foo without . in inc

We're not ready to do the first of these, so we shouldn't be doing the latter either, its simply not self-consistent.

Similarly, everything that mimics "require foo" semantics that is user facing should probably not be fixed in this way, because it all is prone to the same "breaking how require works" problem.

the correct place for existing code that is vulnerable to this in Perl core is in things that do

   use base Foo

so those statements should probably be augmented to

BEGIN {
   local @INC = @INC;
   pop @INC if $INC[-1] eq '.';
   require base;
   base->import("Foo");
}

But at that point, the reason you were using base.pm in the first place is mostly wasted anyway, and it would be simpler to just write

BEGIN {
   local @INC = @INC;
   pop @INC if $INC[-1] eq '.';
   require Foo;
   @ISA = ("Foo");
}

I only hope base.pm is the only thing that had this potential problem, and that there's nothing else lurking in things that were using base.pm which cease to be patched because people assumed base.pm would protect them.

toddr added a commit to toddr/perl that referenced this pull request Sep 13, 2020
[DELTA]

1.60 2020-08-05 rurban

- Increase t/call.t verbosity on failures (PR Perl#12 aatomic)
- Push cwd to @inc for PERL_CORE (PR Perl#11 jkeenan)
- Update search.cpan.org link to metacpan (PR Perl#10 Grinnz)
toddr added a commit that referenced this pull request Sep 13, 2020
[DELTA]

1.60 2020-08-05 rurban

- Increase t/call.t verbosity on failures (PR #12 aatomic)
- Push cwd to @inc for PERL_CORE (PR #11 jkeenan)
- Update search.cpan.org link to metacpan (PR #10 Grinnz)
toddr added a commit to toddr/perl that referenced this pull request Sep 15, 2020
[DELTA]

2.096 31 July 2020

* Add Zip support for Zstd
508258baeeec51ba49c3c07d2dda7c19e3194985

* Add support for Zip/Unzip with XZ compression
6d240d3b3514d627a751ec82fe71f2e236301e19
3c0046e8bc65ef467b9153722609654d3ccc5bbd

2.095 19 July 2020

* Add Support for Zstandard in AnyUncompress

2.094 13 July 2020

* bin/zipdetails version 2

7acb49ff4ca67051deaffd7f988556dae0dd884b small update
f5988eebc21a4d0b96e0b094e6e9bf8d3dcb1763 Better error messages for missing Zip64 records
d224dcc321dd1ff120345ac3a19286ecdc79776f Add note about warning output
4caa0e5117c4c214f457d90f9a87d00772a79622 Add --version option
6c045c859d2b6bab0398833f207d7f9b803bbbab Version 2
df97743ffa1da816936e8ef504c9d561d66bb0ed Beef up some error cases
073129c4f44ebd3cc2c5381ffa824fc09b474c29 Rename a couple of unused signatures
72568c7d9edfd3e2fb6647dce6ea511e9caa186c update comment
1088199809cabb9c565ac23f065988683aacd323 Merge branch 'master' of https://github.com/pmqs/IO-Compress
ad987ab95e3f3fa02fcf526736ad2da78d327460 Merge pull request Perl#10 from fabiensanglard/master
ac76d1b3d3f23077b1700778226edd68c50d81a8 fix typo
5950d7e724479f0eceffe68ae515ac117ff6a5ef Don't output "Extra Payload" if length is zero
dbd3160decd9b761dbad7aaae2ec46c0173125ef Merge pull request Perl#12 from fabiensanglard/extra
7ae4a98124c9195ca5286e3ac7d2cbe37fa2b644 Recover from bad extra subfield
3e12e62916da31c003a7273293bc32bb9a31f85f Fix typo
f3a0a4717433d32743f17d40adc30e11bea60868 Fix wrong START offset
6f078dca715473276556afb0b8582bb69efa7230 Typo for Implode string "Shannon-Fano Trees"
4e25fed1a8e29518fa38f0610a5ca33ca41e9d89 some small documentation updates.
1be04bf4bd5fb023ad276ecabdbc170823bac465 Add decoder for 'Open Packaging Growth Hint'
2da58735bdbd1149863014dd08a7cea0334f52d5 update compression method 16
82a9612676ae192747b8bcbf586b09408c3b72ce Add extra fields 0x20-0x23 from APPNOTE 6.3.5
bc5e2ffbc560b236bc3be0f977ce744f2a2afbfb remove trailing whitespace
3f70119190671b00eb432e36904aa9dbb2fb8f69 minor documentation changes
atoomic pushed a commit that referenced this pull request Sep 15, 2020
[DELTA]

2.096 31 July 2020

* Add Zip support for Zstd
508258baeeec51ba49c3c07d2dda7c19e3194985

* Add support for Zip/Unzip with XZ compression
6d240d3b3514d627a751ec82fe71f2e236301e19
3c0046e8bc65ef467b9153722609654d3ccc5bbd

2.095 19 July 2020

* Add Support for Zstandard in AnyUncompress

2.094 13 July 2020

* bin/zipdetails version 2

7acb49ff4ca67051deaffd7f988556dae0dd884b small update
f5988eebc21a4d0b96e0b094e6e9bf8d3dcb1763 Better error messages for missing Zip64 records
d224dcc321dd1ff120345ac3a19286ecdc79776f Add note about warning output
4caa0e5117c4c214f457d90f9a87d00772a79622 Add --version option
6c045c859d2b6bab0398833f207d7f9b803bbbab Version 2
df97743ffa1da816936e8ef504c9d561d66bb0ed Beef up some error cases
073129c4f44ebd3cc2c5381ffa824fc09b474c29 Rename a couple of unused signatures
72568c7d9edfd3e2fb6647dce6ea511e9caa186c update comment
1088199809cabb9c565ac23f065988683aacd323 Merge branch 'master' of https://github.com/pmqs/IO-Compress
ad987ab95e3f3fa02fcf526736ad2da78d327460 Merge pull request #10 from fabiensanglard/master
ac76d1b3d3f23077b1700778226edd68c50d81a8 fix typo
5950d7e724479f0eceffe68ae515ac117ff6a5ef Don't output "Extra Payload" if length is zero
dbd3160decd9b761dbad7aaae2ec46c0173125ef Merge pull request #12 from fabiensanglard/extra
7ae4a98124c9195ca5286e3ac7d2cbe37fa2b644 Recover from bad extra subfield
3e12e62916da31c003a7273293bc32bb9a31f85f Fix typo
f3a0a4717433d32743f17d40adc30e11bea60868 Fix wrong START offset
6f078dca715473276556afb0b8582bb69efa7230 Typo for Implode string "Shannon-Fano Trees"
4e25fed1a8e29518fa38f0610a5ca33ca41e9d89 some small documentation updates.
1be04bf4bd5fb023ad276ecabdbc170823bac465 Add decoder for 'Open Packaging Growth Hint'
2da58735bdbd1149863014dd08a7cea0334f52d5 update compression method 16
82a9612676ae192747b8bcbf586b09408c3b72ce Add extra fields 0x20-0x23 from APPNOTE 6.3.5
bc5e2ffbc560b236bc3be0f977ce744f2a2afbfb remove trailing whitespace
3f70119190671b00eb432e36904aa9dbb2fb8f69 minor documentation changes
demerphq added a commit that referenced this pull request Oct 25, 2022
demerphq added a commit that referenced this pull request Nov 5, 2022
demerphq added a commit that referenced this pull request Nov 5, 2022
demerphq added a commit that referenced this pull request Nov 5, 2022
demerphq added a commit that referenced this pull request Nov 5, 2022
demerphq added a commit that referenced this pull request Dec 31, 2022
khwilliamson pushed a commit to khwilliamson/perl5 that referenced this pull request Jan 30, 2023
Use warnings::enabled function to check if uninitialized warnings are…
demerphq added a commit that referenced this pull request Feb 8, 2023
demerphq added a commit that referenced this pull request Feb 19, 2023
demerphq added a commit that referenced this pull request Feb 20, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

5 participants