develooper Front page | perl.perl5.porters | Postings from September 2014

Re: fix for CVE-2014-4330 present in blead

From: Greg Lindahl
Date: September 21, 2014 20:38
Subject: Re: fix for CVE-2014-4330 present in blead
Message ID: 20140921203816.GC23207@bx9.net
On Thu, Sep 18, 2014 at 11:02:28PM +0200, demerphq wrote:
> On 18 September 2014 20:29, Father Chrysostomos <sprout@cpan.org> wrote:
> > We have introduced a backward-incompatible change here.
>
> True, but DD is primarily intended as a debugging tool, I doubt it will
> matter. (And if people are using it as a serialization tool then they need
> their head examined -- and that is coming from the guy that wrote
> Data::Undump which makes it actually possible to more or less safely
> deserialize a DD dump without using eval.)

Some people have a different idea of what debugging is. We use DD for
an interactive debugger designed to be able to send messages to our
long-lived daemons in production to find out their state. One of these
functions is to inspect a variable that's been registered with the debugger:

U:athena [athena@s-401-1 ~]$ pmdebug -h s-401-2 -p heartbeat -i asdf
s-401-2:8400 (heartbeat) asdf not registered or is undef. registered vars:
[...]
  self
  start_time
[...]

U:athena [athena@s-401-1 ~]$ pmdebug -h s-401-2 -p heartbeat -i start_time
s-401-2:8400 (heartbeat) inspect start_time
  $VAR1 = \"1410811247";

or even this, which is looking at $self->{pms_child_ping}->{'pm_ram -p 8437 udp'}

U:athena [athena@s-401-1 ~]$ pmdebug -h s-401-2 -p heartbeat -i 'self.pms_child_ping.pm_ram -p 8437 udp'
s-401-2:8400 (heartbeat) inspect self.pms_child_ping.pm_ram -p 8437 udp
  0.00490689277648926

DD is used to form the string reply to the debugging message. In order
to make this function safe in production, where we have gigabytes of
data structures, it's necessary to prevent DD from forming a string
that's too big. We can't spend too much CPU time on debugging in a
production daemon. We had to add a size limit to DD's output, which
was pretty painful; if it's over the size limit, it would be nice to
have partial output instead of nothing. So we can't just call
Devel::Size before calling DD.

BTW, the existing security solution being different for DD::PP and
DD::XS is unfortunate; it's better if PP and XS are equivalent.


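The bounded dump described in the message above, as an added example that is not code from the thread or from the poster's pmdebug tool: it caps Data::Dumper by depth, by recursion (the $Data::Dumper::Maxrecurse knob, assumed to be available as in Data::Dumper 2.154 and later) and by reply size, and returns a truncated dump rather than nothing when a limit is hit. The sample state and all limits are constructed for the example.

```perl
#!/usr/bin/perl
# Added example, not from the thread. Produce a debugging reply for a
# registered variable that stays bounded even for huge or deeply nested
# structures. Assumes Data::Dumper 2.154+ (provides Maxrecurse).
use strict;
use warnings;
use Data::Dumper;

# Return at most $opt{max_bytes} bytes of Dumper output for $ref.
# A recursion-limit error becomes a short failure string instead of
# taking the daemon down; oversize output is cut and annotated.
sub bounded_dump {
    my ($ref, %opt) = @_;
    my $max_bytes = $opt{max_bytes} // 4096;   # constructed default

    local $Data::Dumper::Indent     = 1;
    local $Data::Dumper::Sortkeys   = 1;
    local $Data::Dumper::Maxdepth   = $opt{max_depth}   // 4;   # cut deep nesting (0 = unlimited)
    local $Data::Dumper::Maxrecurse = $opt{max_recurse} // 200; # die instead of overflowing the stack

    my $out = eval { Dumper($ref) };
    if (!defined $out) {
        (my $err = $@ // 'unknown error') =~ s/\s+\z//;
        return "[dump failed: $err]";
    }
    my $total = length $out;
    if ($total > $max_bytes) {
        $out = substr($out, 0, $max_bytes)
             . "\n[... truncated: $max_bytes of $total bytes shown]";
    }
    return $out;
}

# Constructed sample state: a wide hash like the ping table in the message,
# and a chain nested far deeper than the recursion limit we will set.
my %state = (
    start_time     => 1410811247,
    pms_child_ping => { map { ("pm_ram -p $_ udp" => rand()) } 8400 .. 8999 },
);
my $chain = {};
my $p = $chain;
$p = $p->{next} = {} for 1 .. 500;

print bounded_dump(\%state, max_bytes => 300), "\n";   # partial, annotated output
print bounded_dump($chain, max_depth => 0, max_recurse => 50), "\n";  # "[dump failed: Recursion limit ...]"
```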