Bug#781120: perl: handling of non-readable directories on @INC
Dominic Hargreaves
dom at earth.li
Wed Mar 25 18:29:20 UTC 2015
On Tue, Mar 24, 2015 at 10:04:15PM +0200, Niko Tyni wrote:
> Bug #780830 against spamassassin highlights a 5.18 change in
> handling non-readable directories on @INC.
>
> In wheezy (Perl 5.14), 'require' (and therefore 'use' as well) would
> skip such entries when searching for modules. The current jessie (5.20)
> behaviour will croak on them:
>
> % perl -I/root -e 'require strict'
> Can't locate strict.pm: Permission denied at -e line 1.
>
> This may have unfortunate effects if site directories in /usr/local
> are not world readable for some reason. The #780830 reporter
> had at least one such directory (/usr/local/lib/site_perl), but
> it's currently unknown where that came from.
>
> It seems possible to me that /usr/bin/cpan has at some point created such
> directories in some configurations, but I haven't really investigated
> this. If somebody has non-world-readable @INC directories in /usr/local
> and can trace their origins, reports would be welcome. Cc'ing the
> debian-perl for likely candidates.
No specific ideas on this, sorry - but any number of tools could have
done this at various points, either intentionally or respecting the
user's umask.
> Backporting upstream commit
> http://perl5.git.perl.org/perl.git/commit/e2ce0950e5e4b86c6fcbc488c37dd61d082b3e0d
> from 5.21.7 would help a bit as it improves the diagnostics in the
> error message by reporting the name of the directory missing permissions.
> I'm inclined to add this for jessie but I'd welcome other opinions on this.
Yes, I'm in favour of this too - this is probably all we can do in the perl
package in terms of resolving this.
> Mentioning this in the release notes might also make sense.
Yep. Volunteers for this part welcome!
> Filing as 'serious' for now as I suppose this can be considered a regression
> from wheezy.
I can work on a new perl package tomorrow afternoon; I also need to include
the remaining versioned Breaks on packages depending on perl-modules.
Dominic.
More information about the Perl-maintainers
mailing list