https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=17717

Marco Moreno <mmor...@pobox.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |mmor...@pobox.com
             Status|RESOLVED                    |REOPENED
         Resolution|WORKSFORME                  |---

--- Comment #40 from Marco Moreno <mmor...@pobox.com> ---
This issue is NOT fixed in 17.05.  I'm seeing this now after having upgraded
from 16.11.  However, I've discovered some things that might be helpful.

As Chris mentioned, this appears to be a bug with base.pm (IMO).  Perhaps it's
behavior has changed due to this security resolution that forces Perl to die if
a required module is cannot be read when traversing @INC:
https://rt.perl.org/Public/Bug/Display.html?id=113422

According to this post, base.pm may attempt to require a module that does not
exist and traverse the entire @INC array:
https://rt.cpan.org/Public/Bug/Display.html?id=106552#txn-1589169
Evidently, it dies as soon as it encounters a directory it cannot read.

Avoiding '.' in PERL5LIB doesn't really help since Perl already includes '.' in
@INC (also a security concern???).  Working around this means either ensuring
that '.' points to a directory that can be read (e.g. "cd /tmp") or modifying
the @INC array to remove '.' from it.

The latter seems better so I modified the BEGIN block in
/usr/share/koha/bin/kohalib.pl like this:

-------------------------------------
use strict;
#use warnings; FIXME - Bug 2505

my $module_dir;
BEGIN {
    $module_dir = '/usr/share/koha/lib';
    die if $module_dir =~ /^[_]{2}PERL_MODULE_DIR[_]{2}$/;
    @INC = grep {$_ ne '.'} @INC;
}

use lib $module_dir;

1;
-------------------------------------

This also allows the change to be in one place and avoid having to insert a 'cd
/tmp' for each cron job.

I'm running Perl 5.22 - I wonder if it's fixed in 5.24.

-- 
You are receiving this mail because:
You are watching all bug changes.
_______________________________________________
Koha-bugs mailing list
Koha-bugs@lists.koha-community.org
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/

Reply via email to