Re: FW: Localizing %SIG in Safe.pm 2.{35,36,37} crashesPOE::Wheel::Run ...

Hi all
Breaking out a Safe compartment is all about compiling code that will
be executed later. It happens that there are working exploits that use
a combination of %SIG and eval inside the safe-evaled block to execute
such compilations; then arbitrary commands can be run on any signal
received by the process that compiled the safe compartment.

(I repeat it again -- without this fix it's possible to make perl
execute `rm -fr /` through code passed to Safe. So the fix stays.)

The fix I put in Safe was to simply wipe out %SIG in the Safe
compartment. In theory that should not have been necessary, since %SIG
is not shared between %main:: and the Safe root stash, but that's
apparently not how the perl internals work; so, to have a fix
back-portable to older perls, I did not found any other way. If
someone wants to investigate, I'll be happy to provide details...

Also I'd like to understand why you need to set signal handlers in a
Safe compartment. As far as I can tell this has only ever worked by
accident.

On 16 July 2013 18:00, Markus Jansen <markus.jansen@ericsson.com> wrote:
> Hi,
>
> FYI ... hope none of you wastes time with this really nasty trap ...
>
> Best regards,
>         Markus
>
> -----Original Message-----
> From: Markus Jansen
> Sent: Tuesday, July 16, 2013 5:57 PM
> To: perlbug@perl.org
> Cc: Markus Jansen
> Subject: Localizing %SIG in Safe.pm 2.{35,36,37} crashes POE::Wheel::Run ...
>
>
> This is a bug report for perl from markus.jansen@ericsson.com, generated with the help of perlbug 1.39 running under perl 5.18.0.
>
>
> -----------------------------------------------------------------
> [Please describe your issue here]
>
> Dear Perl5 Porters,
>
> localizing %SIG in Safe.pm 2.35 (on CPAN, 2.{35,36,37} in Perl core) may be a great step for security, but it unfortunatately spoils POE::Wheel::Run (basically POE and all other asynchronous frameworks dealing with external processes).
>
> The symptom experienced is that your application might sooner or later crash (reliably when using POE::Component::Resolver upon exiting a Sidecar subprocess) with the following famous last words:
>
>         Signal SIGCHLD received, but no signal handler set.
>
> Please consider a version (also on CPAN) of Safe.pm which has e.g. the localization of %SIG as a switchable feature.
>
> Best regards,
>         Markus
>
>
>
> [Please do not change anything below this line]
> -----------------------------------------------------------------
> ---
> Flags:
>     category=library
>     severity=critical
>     module=Safe
> ---
> Site configuration information for perl 5.18.0:
>
> Configured by ericsson at Fri Jul 12 19:17:48 CEST 2013.
>
> Summary of my perl5 (revision 5 version 18 subversion 0) configuration:
>
>   Platform:
>     osname=linux, osvers=2.6.16.60-0.42.10-smp, archname=x86_64-linux-thread-multi
>     uname='linux sekix562 2.6.16.60-0.42.10-smp #1 smp tue apr 27 05:11:27 utc 2010 x86_64 x86_64 x86_64 gnulinux '
>     config_args='-d -e -O -D cc=gcc -D prefix=/vobs/cc/CCA-perl01/perl5_Linux_x64__________sixtyfive_char_path/prod -D usemultiplicity -U use5005threads -D usedl -D useshrplib -D libperl=libcmacperl.so -U usemymalloc -D cf_by=ericsson -D cf_email=scmadm@clearcase.ericsson.se -D perladmin=scmadm@clearcase.ericsson.se -D uselargefiles -D usethreads -D useithreads -D use64bitall -D ldcc=CC -D optimize=-O3 -D locincpth=/vobs/cc/CCA-perl01/perl5_Linux_x64__________sixtyfive_char_path/plib/include /vobs/cc/CCA-perl01/perl5_Linux_x64__________sixtyfive_char_path/plib/apache/include -D loclibpth=/vobs/cc/CCA-perl01/perl5_Linux_x64__________sixtyfive_char_path/plib/lib /vobs/cc/CCA-perl01/perl5_Linux_x64__________sixtyfive_char_path/plib/apache/lib -D lddlflags=-shared -lpthread -Wl,-L/vobs/cc/CCA-perl01/perl5_Linux_x64__________sixtyfive_char_path/prod/lib/5.18.0/x86_64-linux-thread-multi/CORE -Wl,-rpath,/vobs/cc/CCA-perl01/perl5_Linux_x64__________sixtyfive_char_path/prod/lib/5.18.0
>  /x86_64-linux-thread-multi/CORE -Wl,-L/vobs/cc/CCA-perl01/perl5_Linux_x64__________sixtyfive_char_path/plib/lib -Wl,-rpath,/vobs/cc/CCA-perl01/perl5_Linux_x64__________sixtyfive_char_path/plib/lib -Wl,-L/vobs/cc/CCA-perl01/perl5_Linux_x64__________sixtyfive_char_path/plib/apache/lib -Wl,-rpath,/vobs/cc/CCA-perl01/perl5_Linux_x64__________sixtyfive_char_path/plib/apache/lib -Wl,--enable-new-dtags -D ldflags=-lpthread -Wl,-L/vobs/cc/CCA-perl01/perl5_Linux_x64__________sixtyfive_char_path/prod/lib/5.18.0/x86_64-linux-thread-multi/CORE -Wl,-rpath,/vobs/cc/CCA-perl01/perl5_Linux_x64__________sixtyfive_char_path/prod/lib/5.18.0/x86_64-linux-thread-multi/CORE -Wl,-L/vobs/cc/CCA-perl01/perl5_Linux_x64__________sixtyfive_char_path/plib/lib -Wl,-rpath,/vobs/cc/CCA-perl01/perl5_Linux_x64__________sixtyfive_char_path/plib/lib -Wl,-L/vobs/cc/CCA-perl01/perl5_Linux_x64__________sixtyfive_char_path/plib/apache/lib -Wl,-rpath,/vobs/cc/CCA-perl01/perl5_Linux_x64__________sixtyfive_char_path/
>  plib/apache/lib -Wl,--enable-new-dtags -D ccdlflags=-Bdynamic -Wl,-L/vobs/cc/CCA-perl01/perl5_Linux_x64__________sixtyfive_char_path/prod/lib/5.18.0/x86_64-linux-thread-multi/CORE -Wl,-rpath,/vobs/cc/CCA-perl01/perl5_Linux_x64__________sixtyfive_char_path/prod/lib/5.18.0/x86_64-linux-thread-multi/CORE -Wl,-L/vobs/cc/CCA-perl01/perl5_Linux_x64__________sixtyfive_char_path/plib/lib -Wl,-rpath,/vobs/cc/CCA-perl01/perl5_Linux_x64__________sixtyfive_char_path/plib/lib -Wl,-L/vobs/cc/CCA-perl01/perl5_Linux_x64__________sixtyfive_char_path/plib/apache/lib -Wl,-rpath,/vobs/cc/CCA-perl01/perl5_Linux_x64__________sixtyfive_char_path/plib/apache/lib -D ldlibpthname=LD_LIBRARY_PATH -D cccdlflags=-fPIC -D dlsrc=dl_dlopen.xs -D ccflags=-O2 -D_REENTRANT -D_GNU_SOURCE -DTHREADS_HAVE_PIDS -pthread -DPERL_IMPLICIT_CONTEXT -DPERL_USE_SAFE_PUTENV -m64 -pipe -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -fPIC -D so=so -D libswanted=nsl dl m crypt pthread c'
>     hint=recommended, useposix=true, d_sigaction=define
>     useithreads=define, usemultiplicity=define
>     useperlio=define, d_sfio=undef, uselargefiles=define, usesocks=undef
>     use64bitint=define, use64bitall=define, uselongdouble=undef
>     usemymalloc=n, bincompat5005=undef
>   Compiler:
>     cc='gcc', ccflags ='-D_REENTRANT -D_GNU_SOURCE -O2 -D_REENTRANT -D_GNU_SOURCE -DTHREADS_HAVE_PIDS -pthread -DPERL_IMPLICIT_CONTEXT -DPERL_USE_SAFE_PUTENV -m64 -pipe -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -fPIC -fno-strict-aliasing -fstack-protector -I/vobs/cc/CCA-perl01/perl5_Linux_x64__________sixtyfive_char_path/plib/include -I/vobs/cc/CCA-perl01/perl5_Linux_x64__________sixtyfive_char_path/plib/apache/include -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64',
>     optimize='-O3',
>     cppflags='-D_REENTRANT -D_GNU_SOURCE -O2 -D_REENTRANT -D_GNU_SOURCE -DTHREADS_HAVE_PIDS -pthread -DPERL_IMPLICIT_CONTEXT -DPERL_USE_SAFE_PUTENV -m64 -pipe -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -fPIC -fno-strict-aliasing -fstack-protector -I/vobs/cc/CCA-perl01/perl5_Linux_x64__________sixtyfive_char_path/plib/include -I/vobs/cc/CCA-perl01/perl5_Linux_x64__________sixtyfive_char_path/plib/apache/include'
>     ccversion='', gccversion='4.1.2 20070115 (SUSE Linux)', gccosandvers=''
>     intsize=4, longsize=8, ptrsize=8, doublesize=8, byteorder=12345678
>     d_longlong=define, longlongsize=8, d_longdbl=define, longdblsize=16
>     ivtype='long', ivsize=8, nvtype='double', nvsize=8, Off_t='off_t', lseeksize=8
>     alignbytes=8, prototype=define
>   Linker and Libraries:
>     ld='gcc', ldflags ='-lpthread -Wl,-L/vobs/cc/CCA-perl01/perl5_Linux_x64__________sixtyfive_char_path/prod/lib/5.18.0/x86_64-linux-thread-multi/CORE -Wl,-rpath,/vobs/cc/CCA-perl01/perl5_Linux_x64__________sixtyfive_char_path/prod/lib/5.18.0/x86_64-linux-thread-multi/CORE -Wl,-L/vobs/cc/CCA-perl01/perl5_Linux_x64__________sixtyfive_char_path/plib/lib -Wl,-rpath,/vobs/cc/CCA-perl01/perl5_Linux_x64__________sixtyfive_char_path/plib/lib -Wl,-L/vobs/cc/CCA-perl01/perl5_Linux_x64__________sixtyfive_char_path/plib/apache/lib -Wl,-rpath,/vobs/cc/CCA-perl01/perl5_Linux_x64__________sixtyfive_char_path/plib/apache/lib -Wl,--enable-new-dtags -fstack-protector'
>     libpth=/vobs/cc/CCA-perl01/perl5_Linux_x64__________sixtyfive_char_path/plib/lib /vobs/cc/CCA-perl01/perl5_Linux_x64__________sixtyfive_char_path/plib/apache/lib /lib/../lib64 /usr/lib/../lib64 /lib /usr/lib /usr/local/lib /lib64 /usr/lib64 /usr/local/lib64
>     libs=-lnsl -ldl -lm -lcrypt -lpthread -lc
>     perllibs=-lnsl -ldl -lm -lcrypt -lpthread -lc
>     libc=/lib/libc-2.4.so, so=so, useshrplib=true, libperl=libcmacperl.so
>     gnulibc_version='2.4'
>   Dynamic Linking:
>     dlsrc=dl_dlopen.xs, dlext=so, d_dlsymun=undef, ccdlflags='-Bdynamic -Wl,-L/vobs/cc/CCA-perl01/perl5_Linux_x64__________sixtyfive_char_path/prod/lib/5.18.0/x86_64-linux-thread-multi/CORE -Wl,-rpath,/vobs/cc/CCA-perl01/perl5_Linux_x64__________sixtyfive_char_path/prod/lib/5.18.0/x86_64-linux-thread-multi/CORE -Wl,-L/vobs/cc/CCA-perl01/perl5_Linux_x64__________sixtyfive_char_path/plib/lib -Wl,-rpath,/vobs/cc/CCA-perl01/perl5_Linux_x64__________sixtyfive_char_path/plib/lib -Wl,-L/vobs/cc/CCA-perl01/perl5_Linux_x64__________sixtyfive_char_path/plib/apache/lib -Wl,-rpath,/vobs/cc/CCA-perl01/perl5_Linux_x64__________sixtyfive_char_path/plib/apache/lib'
>     cccdlflags='-fPIC', lddlflags='-shared -lpthread -Wl,-L/vobs/cc/CCA-perl01/perl5_Linux_x64__________sixtyfive_char_path/prod/lib/5.18.0/x86_64-linux-thread-multi/CORE -Wl,-rpath,/vobs/cc/CCA-perl01/perl5_Linux_x64__________sixtyfive_char_path/prod/lib/5.18.0/x86_64-linux-thread-multi/CORE -Wl,-L/vobs/cc/CCA-perl01/perl5_Linux_x64__________sixtyfive_char_path/plib/lib -Wl,-rpath,/vobs/cc/CCA-perl01/perl5_Linux_x64__________sixtyfive_char_path/plib/lib -Wl,-L/vobs/cc/CCA-perl01/perl5_Linux_x64__________sixtyfive_char_path/plib/apache/lib -Wl,-rpath,/vobs/cc/CCA-perl01/perl5_Linux_x64__________sixtyfive_char_path/plib/apache/lib -Wl,--enable-new-dtags -fstack-protector'
>
> Locally applied patches:
>
>
> ---
> @INC for perl 5.18.0:
>     /vobs/cc/CCA-perl01/perl5_Linux_x64__________sixtyfive_char_path/prod/lib/site_perl/5.18.0/x86_64-linux-thread-multi
>     /vobs/cc/CCA-perl01/perl5_Linux_x64__________sixtyfive_char_path/prod/lib/site_perl/5.18.0
>     /vobs/cc/CCA-perl01/perl5_Linux_x64__________sixtyfive_char_path/prod/lib/5.18.0/x86_64-linux-thread-multi
>     /vobs/cc/CCA-perl01/perl5_Linux_x64__________sixtyfive_char_path/prod/lib/5.18.0
>     .
>
> ---
> Environment for perl 5.18.0:
>     HOME=/home/eedmja
>     LANG=en_US.UTF-8
>     LANGUAGE (unset)
>     LD_LIBRARY_PATH (unset)
>     LOGDIR (unset)
>     PATH=/tmp/_cc_CCA-perl01/perl5_Linux_x64__________sixtyfive_char_path/prod/bin:/tmp/_cc_CCA-perl01/perl5_Linux_x64__________sixtyfive_char_path/plib/bin:/bin:/usr/bin:/sbin:/usr/sbin:/opt/gnome/bin:/opt/kde3/bin:/usr/bin/X11:/home/eedmja/bin:/opt/rational/clearcase/bin
>     PERL_BADLANG (unset)
>     SHELL=/bin/tcsh

• [ID 19991229.002] Bug when using 4-param substr as an argument toa function by Jim Bodwin
• Re: [ID 19991229.002] Bug when using 4-param substr as an argument to a function by Gurusamy Sarathy
• Re: FW: Localizing %SIG in Safe.pm 2.{35,36,37} crashesPOE::Wheel::Run ... by Rafael Garcia-Suarez
• RE: FW: Localizing %SIG in Safe.pm 2.{35,36,37} crashesPOE::Wheel::Run ... by Markus Jansen
• Re: FW: Localizing %SIG in Safe.pm 2.{35,36,37} crashesPOE::Wheel::Run ... by Rafael Garcia-Suarez
• Re: FW: Localizing %SIG in Safe.pm 2.{35,36,37} crashesPOE::Wheel::Run ... by Aristotle Pagaltzis