If you think a bug might affect users in the 57 release, please set the correct tracking and status flags for Release Management.

PERL5LIB should be honored in taint-mode CGI-scripts




13 years ago
10 years ago


(Reporter: kreiger, Unassigned)





13 years ago
User-Agent:       Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.5) Gecko/20041221
Build Identifier: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.5) Gecko/20041221

I want to put the required perl modules in a non-standard directory and have
bugzilla find them there.
This can often be done by putting "SetEnv PERL5LIB /some/where" in httpd.conf. 
However, PERL5LIB is not honored by perl in taint-mode, unless the script uses
something like the pragma perl5lib (http://search.cpan.org/~nobull/perl5lib/),
or some other workaround ("use lib '/some/where'").

Reproducible: Always

Steps to Reproduce:
1. Install required perl modules in non-standard directory, for example
2. Put "SetEnv PERL5LIB /srv/www/perl" in httpd.conf
3. Restart Apache

Actual Results:  
Bugzilla did not find the required modules.

Expected Results:  
Bugzilla should have found the perl modules in the directory specified by PERL5LIB.

Trying to access query.cgi gives:
Software error:

Base class package "Template" is empty.
    (Perhaps you need to 'use' the module which defines that package first.)
 at Bugzilla/Template.pm line 38
BEGIN failed--compilation aborted at Bugzilla/Template.pm line 38.
Compilation failed in require at Bugzilla.pm line 32.
BEGIN failed--compilation aborted at Bugzilla.pm line 32.
Compilation failed in require at CGI.pl line 417.
BEGIN failed--compilation aborted at CGI.pl line 417.

Comment 1

13 years ago
I'll bet that the Debian packaging folks could also use this.

This would have to be a general change, not just a change in checksetup.
Component: Installation & Upgrading → Bugzilla-General
Ever confirmed: true
OS: Linux → All
Hardware: PC → All


13 years ago
Assignee: zach → general
I also installed perl modules in a non-standard location and was surprised when SetEnv PERL5LIB /home/jablko/perl/lib/perl/5.8.8:/home/jablko/perl/share/perl/5.8.8 didn't work. I discovered:

1) PERL5LIB is not honored in taint mode unless the perl5lib pragma is used, as krieger reports.

2) suEXEC cleans PERL5LIB from the environment: http://httpd.apache.org/docs/2.2/suexec.html

So I can't use PERL5LIB to help Bugzilla locate perl modules. Instead I added to localconfig:

use lib '/home/jablko/perl/lib/perl/5.8.8', '/home/jablko/perl/share/perl/5.8.8';

I thought in future checksetup.pl could automatically add this line if PERL5LIB is set (as it is when I call checksetup.pl on the command line). This would avoid checksetup.pl finding all the required perl modules, but then CGIs failing because they can't locate them.

Unfortunately adding this line to localconfig didn't work, probably because it is read only after some required perl modules are used? To get Bugzilla working I finally had to add the above line to the top of Bugzilla.pm, but I wish there were a way to get Bugzilla working without editing Bugzilla.pm. Is there?

Thanks, Jack

Comment 3

10 years ago
Max, do we still want this? Now that Bugzilla has its own lib/ directory, this doesn't seem required anymore. In the worst case, you can add symlinks from bugzilla/lib/ pointing to your favorite place. So I'm suggesting WONTFIX.

Comment 4

10 years ago
  Yeah, we resolved this another way, by creating lib/ and providing install-module.pl
Last Resolved: 10 years ago
Resolution: --- → WONTFIX
You need to log in before you can comment on or make changes to this bug.