NB: These pages were mostly written in 2001 or so. The résumé dates are accurate but the code is aged and unlike whiskey, 8 year-old code doesn't usually taste better. For a look at my current skills and to see my CPAN modules, sample code, and code discussions, please see these pages instead: Perl resources and sample code and PangyreSoft.
A solution list for quasi-obscure problems
Social links
View Ashley Pond V's profile on LinkedIn
Miscellaneous

Other pages

Class::DBI related deep recursion problem

A fatal error happens on object update. The problem is you’re setting/resetting the primary key. Don’t.

Symptoms of problem
Deep recursion on anonymous subroutine at 
/usr/local/lib/perl5/site_perl/5.8.4/Class/DBI.pm line 852.
Deep recursion on subroutine "Class::DBI::get" at 
/usr/local/lib/perl5/site_perl/5.8.3/Class/Accessor.pm line 350.
Deep recursion on subroutine "Class::DBI::_flesh" at 
/usr/local/lib/perl5/site_perl/5.8.4/Class/DBI.pm line 840.

Apache2 & Perl 5.8 on OS X: Insecure…while running setgid

When my hard-drive was destroyed by an Apple firm-ware update I decided it was a sign from the void to upgrade and started from scratch with Perl 5.010000, MySQL 4, Apache2 and mod_perl2.

Everything went from ./Configure to make install without a hitch. Easier than any installations I’ve ever had before. Starting from scratch simply rules. When I fired up Apache, though, I got nothing but 500s and a ton of backtalk from previously cooperative CGIs.

Symptoms of problem
Insecure $ENV{PATH} while running setgid
Insecure dependency in chdir while running setgid
Insecure dependency in eval while running setgid
 ...and so on...

I have a dozen or so utility CGIs that I run on a closed localhost. Therefore they have no need to be particularly secure since they’re just aggregating and prettying things I’d do at the command line otherwise.

I went through tons of docs, reinstalled Perl, played with untainting (a miserable affair) a few File::Find scripts, and was finally just going to turn the server over from nobody to my own user ID when I rediscovered the following in the httpd.cnf.

Cause
#  NOTE that some kernels refuse to setgid(Group) or semctl(IPC_SET)
#  when the value of (unsigned)Group is above 60000;
#  don't use Group #-1 on these systems!
#
User nobody
Group #-1

Not being a kernel level programmer I left the default alone when I installed Apache2, but a quick swap out like so solved the problem. My old CGIs sprang back to life.

Solution
User nobody
Group nobody

Remember, if you don’t already know, this didn’t make anything secure. It just allowed me to continue using some insecure scripts in a secure (closed) environment.

Search these pages via Google
Text, original code, fonts, and graphics ©1990-2009 Ashley Pond V.