WWW::Spyder
Javascript tricks
serial() join function
Smart quotes
Text to Excel
Developing Featherweight Web Services with JavaScript
Class::DBI related deep recursion problem
A fatal error happens on object update. The problem is you’re setting/resetting the primary key. Don’t.
Deep recursion on anonymous subroutine at /usr/local/lib/perl5/site_perl/5.8.4/Class/DBI.pm line 852. Deep recursion on subroutine "Class::DBI::get" at /usr/local/lib/perl5/site_perl/5.8.3/Class/Accessor.pm line 350. Deep recursion on subroutine "Class::DBI::_flesh" at /usr/local/lib/perl5/site_perl/5.8.4/Class/DBI.pm line 840.
Apache2 & Perl 5.8 on OS X: Insecure…while running setgid
When my hard-drive was destroyed by an Apple firm-ware update I decided it was a sign from the void to upgrade and started from scratch with Perl 5.008006, MySQL 4, Apache2 and mod_perl2.
Everything went from ./Configure to make
install without a hitch. Easier than any installations I’ve
ever had before. Starting from scratch simply rules. When I fired up
Apache, though, I got nothing but 500s and a ton of backtalk from
previously cooperative CGIs.
Insecure $ENV{PATH} while running setgid
Insecure dependency in chdir while running setgid
Insecure dependency in eval while running setgid
...and so on... I have a dozen or so utility CGIs that I run on a closed localhost. Therefore they have no need to be particularly secure since they’re just aggregating and prettying things I’d do at the command line otherwise.
I went through tons of docs, reinstalled Perl, played with untainting
(a miserable affair) a few File::Find scripts, and was finally just
going to turn the server over from nobody to my own user
ID when I rediscovered the following in the httpd.cnf.
# NOTE that some kernels refuse to setgid(Group) or semctl(IPC_SET) # when the value of (unsigned)Group is above 60000; # don't use Group #-1 on these systems! # User nobody Group #-1
Not being a kernel level programmer I left the default alone when I installed Apache2, but a quick swap out like so solved the problem. My old CGIs sprang back to life.
User nobody Group nobody
Remember, if you don’t already know, this didn’t make anything secure. It just allowed me to continue using some insecure scripts in a secure (closed) environment.