Re: Bug#781120: perl: handling of non-readable directories on @INC



-=| Niko Tyni, 24.03.2015 22:04:15 +0200 |=-
> Package: perl
> Version: 5.20.2-2
> Severity: serious
> X-Debbugs-Cc: debian-perl@lists.debian.org
> 
> Bug #780830 against spamassassin highlights a 5.18 change in
> handling non-readable directories on @INC.
> 
> In wheezy (Perl 5.14), 'require' (and therefore 'use' as well) would
> skip such entries when searching for modules. The current jessie (5.20)
> behaviour will croak on them:
> 
>  % perl -I/root -e 'require strict'
>  Can't locate strict.pm:   Permission denied at -e line 1.
> 
> This may have unfortunate effects if site directories in /usr/local
> are not world readable for some reason. The #780830 reporter
> had at least one such directory (/usr/local/lib/site_perl), but
> it's currently unknown where that came from.
> 
> It seems possible to me that /usr/bin/cpan has at some point created such
> directories in some configurations, but I haven't really investigated
> this. If somebody has non-world-readable @INC directories in /usr/local
> and can trace their origins, reports would be welcome. Cc'ing the
> debian-perl for likely candidates.

Here's one way to find such directories:

 $ find /usr/local -type d -not -perm -o=rx

(returns nothing on the systems I have access to, but I don't use cpan 
to install modules in /usr/local when there's dh-make-perl)

> Backporting upstream commit
>  http://perl5.git.perl.org/perl.git/commit/e2ce0950e5e4b86c6fcbc488c37dd61d082b3e0d
> from 5.21.7 would help a bit as it improves the diagnostics in the
> error message by reporting the name of the directory missing permissions.
> I'm inclined to add this for jessie but I'd welcome other opinions on this.

The change looks safe to me and only adds value. Even if the situation 
in which the change is useful is rare, I think it will be of great 
help for those facing the problem.

> Mentioning this in the release notes might also make sense.

I'd say that mentioning the problem in the release notes is useful 
even if the patch is backported to jessie so that the surprise factor 
is smaller.


-- dam
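
The find command above covers /usr/local; the sketch below applies the same permission test to the directories actually on @INC. It is an added example, not part of the original message. The function names are made up for illustration, and a POSIX find is assumed.

```shell
#!/bin/sh
# Added example: list @INC entries that are not world-readable/searchable.

# Read directory paths (one per line) on stdin and print each existing
# directory that lacks o+r or o+x (the same -perm test as the find above).
# -H follows a symlinked @INC entry; -prune stops find from descending.
not_world_rx() {
    while IFS= read -r dir; do
        [ -d "$dir" ] || continue    # @INC often lists paths that do not exist
        find -H "$dir" -prune -type d ! -perm -o=rx
    done
}

# Print the interpreter's effective @INC, one entry per line.
# Code references on @INC are skipped; they are not directories.
perl_inc() {
    "${1:-perl}" -e 'print "$_\n" for grep { !ref } @INC'
}

# Report offending @INC directories for the given perl
# (default: the perl found in PATH).
# Usage: check_inc            or            check_inc /usr/bin/perl
check_inc() {
    perl_inc "$1" | not_world_rx
}
```

Run `check_inc` as root: for an unprivileged user, a directory below a non-searchable parent fails the existence test and is skipped silently.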

