[ic] XML::Parser, Safe.pm, system signal 12
Mike Heins
mike at perusion.com
Wed Jun 9 12:20:20 EDT 2004
Quoting Carsten Jahnke (carstenjahnke at web.de):
> Hello Interchange Users!
> This is my first post here and my english is perhaps a little bit rusty :)
>
> We have Interchange version 5.0.0 on a SuSE Linux 2.4.19-4GB machine
> running with a complex perfective maintenance backend. To import and
> update the products db we want to use XML::Parser in a UserTag to
> support XML-files. The problem is the safe-Module. When
> require XML::Parser;
> is used we get the following message in <catroot>/error.log:
>
> 192.168.0.20 kbaJZoJo:192.168.0.20 - [08/June/2004:18:40:51 +0200] catname /
> cgi-bin/catname/admin/index.html require_error: require trapped by operation
> mask at /usr/lib/perl5/site_perl/5.6.1/i586-linux/XML/Parser.pm line 14.
> Compilation failed in require at (tag 'mvasp') line 111.
>
> The following code also returns in no success:
>
> eval {
> require XML::Parser;
> };
> if ($@) {
> ::logError("require_error: $@");
> return;
> }
Try putting
SafeUntrap require
in interchange.cfg. This will sometimes help, but significantly reduces
the security of Safe. It may not work, either, if they have to modify
the symbol table as part of the require; you can usually get around
that by pre-requiring needed modules in a BEGIN {} block.
Modules which routinely use "require" at runtime without option to
mitigate that by pre-using the needed module are not very well-behaved
in my opinion.
If you can break out the XML::Parser things into operations that
can be placed outside your [perl] blocks, i.e.
[tmp result][your-xml-parser-tag][/tmp]
then you can use the result in your subsequent Perl code.
--
Mike Heins
Perusion -- Expert Interchange Consulting http://www.perusion.com/
phone +1.765.647.1295 tollfree 800-949-1889 <mike at perusion.com>
I am convinced that life is 10% what happens to me and 90%
how I react to it. And so it is for you... we are in charge
of our attitudes. -- Charles Swindoll
More information about the interchange-users
mailing list