Item691: %ENV is aliased to another variable while running with -T switch
Priority: Normal
Current State: Closed
Released In: 1.0.0
Target Release: patch
Applies To: Engine
Component: Sandbox
Branches:
With mod_perl enabled Foswiki fails to display pages randomly when user is authenticated.
Error message is
| 07 Jan 2009 - 12:12 | %ENV is aliased to another variable while running with -T switch at /apps/wiki/data/wiki-prd/lib/Foswiki/Sandbox.pm line 480
Found on Solaris10 with Apache/2.2.11 mod_perl/2.0.4 Perl/v5.10.0; reproducible on Debian 4.0 (Apache/2.2.3 mod_perl/2.0.2 Perl/v5.8.8)
--
StefanPalm
This bug prevented running any sysCommand under mod_perl.
Reported by user pontius on #foswiki, 6-7 Jan 2009
--
OlivierRaginel - 07 Jan 2009
It also broke the RcsFile unit tests, so no release on the 7th.
--
KennethLavrsen - 08 Jan 2009
Some experiments show that the local @ENV on some perls resets the ENV, so for example the rcs ci runs as root and fails.
Sven suggested
local @ENV = @ENV
The unit tests pass with this.
So this should be tried by the mod_perl guys with the original problem.
But this could also bring back the issue which seems taint related. Most likely issue is that the $ENV{"PATH"} is tainted. The cure for this would be to untaint this by setting
$ENV{"PATH"} = "some untainted path"
I could suggest trying this code, put in the same place where the local @ENV was placed in Sandbox.pm:
[root@www foswiki]# svn diff
Index: core/lib/Foswiki/Sandbox.pm
===================================================================
--- core/lib/Foswiki/Sandbox.pm (revision 1849)
+++ core/lib/Foswiki/Sandbox.pm (working copy)
@@ -478,6 +478,16 @@
open( STDERR, '>', File::Spec->devnull() )
|| die "Can't kill STDERR: '$!'";
+ local %ENV = %ENV;
+ if ( $Foswiki::cfg{SafeEnvPath} ) {
+ $ENV{PATH} = $Foswiki::cfg{SafeEnvPath};
+ }
+ else {
+ # SMELL: how can we validate the PATH?
+ $ENV{PATH} = Foswiki::Sandbox::untaintUnchecked( $ENV{PATH} );
+ }
+ delete @ENV{qw( IFS CDPATH ENV BASH_ENV )};
+
unless ( exec( $path, @args ) ) {
syswrite( STDOUT, $key . ": $!\n" );
exit($key);
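Review bot: in the else branch, Foswiki::Sandbox::untaintUnchecked( $ENV{PATH} ) clears the taint flag on PATH and, going by its name and the SMELL comment above it, validates nothing, so when $Foswiki::cfg{SafeEnvPath} is unset the exec still runs with whatever PATH the server process inherited. I would fall back to a fixed minimal PATH, or refuse to run the command, when SafeEnvPath is not configured, and document SafeEnvPath as the setting to use under -T. Separately, local %ENV = %ENV sits directly before exec with exit($key) on the failure path, so in the visible lines there is nothing left to restore afterwards; a plain assignment to %ENV at this point would have the same effect without localizing.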
I would try with this code in mod_perl and if it works we check it in and release.
It passes the unit tests on my machine.
--
KennethLavrsen - 08 Jan 2009
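One way to handle the tainted PATH discussed in the comment above, as an added example (not Foswiki code and not part of the original report): each PATH entry is validated instead of being untainted unchecked, and %ENV is replaced only inside the forked child, so the parent's %ENV is never localized. The names safe_path and run_scrubbed, the fallback PATH and the sample command are assumptions.

```perl
use strict;
use warnings;

# Run as: perl -T example.pl   (constructed example; helper names are hypothetical)
# Keep only PATH entries that are absolute, have no "." or ".." components,
# are existing directories, and are not writable by group or other.
sub safe_path {
    my ($raw) = @_;
    my @ok;
    for my $dir ( split /:/, $raw // '' ) {
        # The regex capture is what untaints; the pattern is the validation.
        next unless $dir =~ m{\A(/[\w./+-]*)\z};
        my $clean = $1;
        next if $clean =~ m{/\.\.?(?:/|\z)};
        my @st = stat $clean or next;    # skip entries that do not exist
        next unless -d _;
        next if $st[2] & 022;            # group- or world-writable directory
        push @ok, $clean;
    }
    return join ':', @ok;
}

# Fork, replace %ENV in the child only, exec without a shell, collect output.
sub run_scrubbed {
    my ( $path, @cmd ) = @_;
    pipe( my $rd, my $wr ) or die "pipe: $!";
    my $pid = fork();
    die "fork: $!" unless defined $pid;
    if ( $pid == 0 ) {
        close $rd;
        open( STDOUT, '>&', $wr ) or die "dup: $!";
        # Whole-hash assignment also drops IFS, CDPATH, ENV and BASH_ENV.
        %ENV = ( PATH => $path );
        exec { $cmd[0] } @cmd or do { print "exec: $!\n"; exit 127 };
    }
    close $wr;
    my $out = do { local $/; <$rd> } // '';
    close $rd;
    waitpid( $pid, 0 );
    return ( $? >> 8, $out );
}

# Assumed fallback when no inherited entry survives validation.
my $path = safe_path( $ENV{PATH} ) || '/usr/bin:/bin';
my ( $status, $out ) = run_scrubbed( $path, 'env' );
print "exit=$status\n$out";    # the child's environment holds PATH only
```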
Above fix is checked in to ease testing for mod_perl users.
I will revert if it does not work. If confirmed working we release when I wake up.
--
KennethLavrsen - 08 Jan 2009
Fix doesn't solve the problem for me
| 08 Jan 2009 - 06:52 | %ENV is aliased to another variable while running with -T switch at /apps/wiki/data/foswiki-1.0.0/lib/Foswiki/Sandbox.pm line 488
--
StefanPalm - 08 Jan 2009
Sorry about this. The error message was misleading, and I think it's an issue with mod_perl.
One shouldn't really fork under mod_perl, thus we should warn users about this. Anyway, the distro:529cedf86fac seems to fix it, and doesn't break anything.
Downgrading this to normal (as it's fixed) and assigning it to Foswiki:Main.GilmarSantosJr so he can review.
--
OlivierRaginel - 08 Jan 2009
I don't understand yet why this error doesn't happen with other engines (CGI/FastCGI), but I analyzed it and there is no problem in setting $ENV{REMOTE_ADDR} without localizing it first. Anyway, mod_perl already adjusts it (using SetHandler perl-script).
But I'll improve Foswiki::LoginManager::Session, so it can work without the need to set %ENV, thus more robust. There is no problem to release this change with 1.0.1.
--
GilmarSantosJr - 09 Jan 2009
Since we now have released 1.0.0 and we did a fix which was to remove the local %ENV in Session.pm, I am closing this report.
If we want to rewrite some of the Session code to be even more robust please do so on a new bug item so we have good configuration management of which bugs were resolved in which releases. This is vital information a year or two from now when people report problems.
--
KennethLavrsen - 09 Jan 2009