reassign 384622 libapache2-mod-perl2 2.0.2-2
retitle 384622 libapache2-mod-perl2: localizing %ENV causes a segmentation fault
# present in stable too
found 384622 1.999.21-1
severity 384622 important
tags 384622 fixed-upstream patch
thanks

On Fri, Aug 25, 2006 at 04:22:54PM +0200, Martin Gruner wrote:
> Package: libmime-lite-perl
> Version: 3.01-7
> Severity: grave
>
> The Debian libmime-lite-perl package contains the following workaround
> for MIME::Lite programming errors:
> +local %ENV = %ENV;
> This leads to segfaults of apache2 if used under mod_perl2. It
> effectively deletes %ENV, so that script which uses MIME::Lite works
> well if called for the first time, but dies at the second call (under
> mod_perl, scripts stay in memory).

Hi,

there's nothing wrong with localizing %ENV, in my understanding. This is
a bug in libapache2-mod-perl2. It's fixed upstream and in Ubuntu:

 http://thread.gmane.org/gmane.comp.apache.mod-perl/22236
 http://svn.apache.org/viewvc?view=rev&revision=357236
 http://patches.ubuntu.com/liba/libapache2-mod-perl2/libapache2-mod-perl2_2.0.2-2ubuntu1.patch

> Please fix this. A sarge fix would be nice too. This can be used for
> local DOS attacks on mod_perl2 servers.

I don't see how having this in libmime-lite-perl creates an attack
vector. People writing scripts running under mod_perl2 can just as well
write

 local %ENV;

in their script and get the apache2 process to segfault. Furthermore,
I would expect that segfaulting apache2 with e.g. user-supplied XS code
is quite trivial when you can run code inside mod_perl2.

Sorry if I'm missing something.

I'm reassigning this against libapache2-mod-perl2. As the bug doesn't
make either libmime-lite-perl or libapache2-mod-perl2 generally unusable
and doesn't (IMO) introduce a security hole, I don't see grounds for
the 'grave' severity. I'm thus downgrading it to 'important' for now.

Thanks for your report,
--
Niko Tyni [EMAIL PROTECTED]