Debian Developers - strange Perl code in mrtg

Author

strange Perl code in mrtg

Russell Coker

2004-08-08, 7:59 am

71: use FindBin;
72: use lib "${FindBin::Bin}";
73: use lib "${FindBin::Bin}${main::SL}..${main::SL}lib${main::SL}mrtg2";

MRTG in unstable has the above code which gives the following error if it
can't get read access to /root (giving getattr and search access is not
enough):

Use of uninitialized value in string at /usr/bin/mrtg line 72.
Use of uninitialized value in concatenation (.) or string at /usr/bin/mrtg
line 73.

Why does this PERL code need read access to the /root directory? I think that
it has no good reason to even try reading that directory, and if it does try
it shouldn't give an error condition if it can't succeed!

The above error causes rateup not to be run at a later stage of the program
(it attempts to run "/rateup" instead of "/usr/bin/rateup").

I can provide access to a SE Linux machine to duplicate this for anyone who is
interested in experimenting with it. Unix permissions do not allow such fine
grained access control and do not permit a root owned process to be denied
access to /root so duplicating such bugs on a non-SE system is difficult.

--
http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/ Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/ My home page

--
To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Andrew Suffield

2004-08-08, 5:51 pm

Whee, clusterXXXX.

On Sun, Aug 08, 2004 at 09:41:56PM +1000, Russell Coker wrote:
> 71: use FindBin;
> 72: use lib "${FindBin::Bin}";
> 73: use lib "${FindBin::Bin}${main::SL}..${main::SL}lib${main::SL}mrtg2";
>
>
> MRTG in unstable has the above code which gives the following error if it
> can't get read access to /root (giving getattr and search access is not
> enough):
>
> Use of uninitialized value in string at /usr/bin/mrtg line 72.

First off, what's happening here is probably that FindBin failed to
find the binary, so $FindBin::Bin is undef. (I'm assuming this is the
case - otherwise you have at least a PERL interpreter bug; not unknown
but not likely).

> Why does this PERL code need read access to the /root directory? I thinkthat
> it has no good reason to even try reading that directory, and if it does try
> it shouldn't give an error condition if it can't succeed!

Yes, clearly something went wrong here. Probably because the strange
selinux environment behaves in an unexpected way - FindBin is a fairly
heuristic bit of code, by necessity. It's supposed to croak() when it
fails but didn't, and it probably shouldn't be failing either.

Assuming basic familiarity with the PERL debugger, this sequence of
commands should suffice for you to debug it:

perl -MFindBin -de42
b FindBin::init
p FindBin::again()

Running this in precisely the environment that confuses FindBin is
more tricky - can't help you with that one.

The problem should be fairly obvious. It may be related to the working
directory, or to $PATH. FindBin isn't particularly sophisticated.

You're looking for no less than three bugs here:

1) It should have thrown an exception, instead of leaving an undef
2) It shouldn't have been undef
3) It shouldn't have been looking in /root

The last one might be caused by invoking the script in a strange way.

--
.''`. ** Debian GNU/Linux ** | Andrew Suffield
: :' : http://www.debian.org/ |
`. `' |
`- -><- |