develooper Front page | perl.inline | Postings from January 2019

.Inline dir readonly

From: Matthias Apitz
Date: January 29, 2019 12:16
Subject: .Inline dir readonly
Message ID: 20190129113554.GA9708@sh4-5.1blu.de

Hello,

We're using Inline-C in a Perl CGI-engine to connect to a C-written
shared library (libblow.so) for decrypting strings with BlowFish (to obfuscate the
details and the used key). This is delivered to a production environment
as:

# ls -ld /usr/local/sisis-pap/lib/.Inline
drwxr-xr-x 4 bin bin 4096 Jan 25 12:32 /usr/local/sisis-pap/lib/.Inline
# find /usr/local/sisis-pap/lib/.Inline                                                
/usr/local/sisis-pap/lib/.Inline
/usr/local/sisis-pap/lib/.Inline/config-x86_64-linux-thread-multi-5.026002
/usr/local/sisis-pap/lib/.Inline/lib
/usr/local/sisis-pap/lib/.Inline/lib/auto
/usr/local/sisis-pap/lib/.Inline/lib/auto/SisisAdminInstall_pl_64f0
/usr/local/sisis-pap/lib/.Inline/lib/auto/SisisAdminInstall_pl_64f0/SisisAdminInstall_pl_64f0.inl
/usr/local/sisis-pap/lib/.Inline/lib/auto/SisisAdminInstall_pl_64f0/SisisAdminInstall_pl_64f0.so
/usr/local/sisis-pap/lib/.Inline/lib/auto/SisisAdmin_64f0
/usr/local/sisis-pap/lib/.Inline/lib/auto/SisisAdmin_64f0/SisisAdmin_64f0.inl
/usr/local/sisis-pap/lib/.Inline/lib/auto/SisisAdmin_64f0/SisisAdmin_64f0.so
/usr/local/sisis-pap/lib/.Inline/build
/usr/local/sisis-pap/lib/.Inline/.lock

# ldd /usr/local/sisis-pap/lib/.Inline/lib/auto/SisisAdminInstall_pl_64f0/SisisAdminInstall_pl_64f0.so
        linux-vdso.so.1 (0x00007ffc223fb000)
        libblow.so => /usr/local/sisis-pap/lib/libblow.so (0x00007efdeb377000)
        libssl.so.1.1 => /usr/local/sisis-pap/lib/libssl.so.1.1 (0x00007efdeb109000)
        ...

and works just fine. Note: the things below .Inline are there and not
compiled on the fly on first use of the Inline-C code.

The only problem is that the dir .Inline must be writeable by the
apache-process which runs as 'nobody'. This is checked in Inline.pm as:

#==============================================================================
# Find the 'Inline' directory to use.
#==============================================================================
my $TEMP_DIR;
sub find_temp_dir {
    return $TEMP_DIR if $TEMP_DIR;

    my ($temp_dir, $home, $bin, $cwd, $env);
    $temp_dir = '';
    $env = $ENV{PERL_INLINE_DIRECTORY} || '';
    $home = $ENV{HOME} ? abs_path($ENV{HOME}) : '';

    if ($env and
        -d $env and
        -w $env) {
        $temp_dir = $env;
    }
    ...

Why is the check '-w $env' made there, at the beginning? Of course, if something really
must be compiled, it must be writable, but not in any use case, like
ours.

	matthias

-- 
Matthias Apitz, ✉ guru@unixarea.de, http://www.unixarea.de/ +49-176-38902045
Public GnuPG key: http://www.unixarea.de/key.pub
October, 7 -- The GDR was different: Peace instead of Bundeswehr and wars, Druschba
instead of Nazis, to live instead of to survive.
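
For the read-only deployment the message asks about, a deploy-time check like the following confirms that the pre-built .Inline tree cannot be modified by the web server account and that the compiled objects are actually present. This is an added example, not part of the original post and not Inline's own code; the function name `audit_inline_dir` and the finding labels are made up for illustration, and the account defaults to the 'nobody' named in the message.

```shell
#!/bin/sh
# Added example: audit a pre-built .Inline tree before it goes to production.
# audit_inline_dir and the OWNED/WRITABLE/NO_OBJECTS labels are hypothetical.
#
# usage: audit_inline_dir DIR [ACCOUNT]   (ACCOUNT may be a name or numeric uid)
# Prints one finding per line; returns 0 if clean, 1 on findings, 2 if DIR
# does not exist.
audit_inline_dir() {
    dir=$1
    svc=${2:-nobody}
    if [ ! -d "$dir" ]; then
        echo "MISSING $dir"
        return 2
    fi
    findings=$(
        # Anything the service account owns it can chmod and then rewrite,
        # whatever the current mode bits say.
        find "$dir" -user "$svc" -exec echo OWNED {} \;
        # Group- or world-writable entries. This is deliberately conservative:
        # group write is reported even if the account is not in that group.
        # Symlinks are skipped because their own mode bits are not enforced.
        find "$dir" ! -type l \( -perm -020 -o -perm -002 \) \
            -exec echo WRITABLE {} \;
        # A read-only tree is only useful if the shared objects were built
        # beforehand; otherwise the first request would need to compile.
        if [ -z "$(find "$dir" -type f -name '*.so')" ]; then
            echo "NO_OBJECTS $dir"
        fi
    )
    if [ -n "$findings" ]; then
        printf '%s\n' "$findings"
        return 1
    fi
    return 0
}

# Run directly as: sh audit.sh /usr/local/sisis-pap/lib/.Inline nobody
if [ $# -gt 0 ]; then
    audit_inline_dir "$@"
fi
```

A WRITABLE or OWNED finding on a directory matters as much as one on a .so file, since write access to the directory allows the object inside it to be replaced.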
