Skip Menu |
 

This queue is for tickets about the Text-MicroMason CPAN distribution.

Report information
The Basics
Id: 57797
Status: resolved
Priority: 0/
Queue: Text-MicroMason

People
Owner: FERRENCY [...] cpan.org
Requestors: ntyni [...] iki.fi
Cc:
AdminCc:

Bug Information
Severity: Normal
Broken in: 2.09
Fixed in: (no value)



Subject: Safe-2.27 breaks t/32-safe.t
MIME-Version: 1.0
Content-Type: text/plain; charset="UTF-8"
X-Mailer: MIME-tools 5.427 (Entity 5.427)
Content-Disposition: inline
Content-Transfer-Encoding: binary
X-RT-Original-Encoding: utf-8
Content-Length: 972
Download (untitled) / with headers
text/plain 972b
Recent CPAN tester failures, for example this: http://www.cpantesters.org/cpan/report/07267833-b19f-3f77-b713-d32bba55d77f are caused by Safe.pm 2.27, which now wraps code refs returned from reval(). The symptoms are errors like Can't locate package Class::MixinFactory::HasAFactory for @Text::MicroMason::Base::AUTO::Safe_HTMLMason::ISA at blib/lib/Text/MicroMason/Safe.pm line 39. Can't locate package Class::MixinFactory::NEXT for @Text::MicroMason::Base::AUTO::Safe_HTMLMason::ISA at blib/lib/Text/MicroMason/Safe.pm line 39. (in cleanup) MicroMason execution failed: Can't locate object method "execute" via package "Text::MicroMason::Base::AUTO::Safe_HTMLMason" (perhaps you forgot to load "Text::MicroMason::Base::AUTO::Safe_HTMLMason"?) at blib/lib/Text/MicroMason/Safe.pm line 39. As Safe-2.27 is bundled with Perl 5.12.1, this will bite quite many people. Thanks for your work on Text-MicroMason, -- Niko Tyni (Debian Perl Group) ntyni@debian.org
From alan [...] ferrency.com Mon May 24 17: 15:32 2010
MIME-Version: 1.0
X-Spam-Status: No, score=-10.599 tagged_above=-99.9 required=10 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_HI=-8] autolearn=ham
In-Reply-To: <rt-3.8.HEAD-6772-1274701838-1233.57797-4-0 [...] rt.cpan.org>
X-Spam-Flag: NO
References: <RT-Ticket-57797 [...] rt.cpan.org> <rt-3.8.HEAD-6772-1274701838-1233.57797-4-0 [...] rt.cpan.org>
X-Virus-Scanned: Debian amavisd-new at bestpractical.com
Message-ID: <20100524170711.E7418 [...] ferrency.com>
Content-Type: TEXT/PLAIN; charset="utf-8"; format="flowed"
X-RT-Original-Encoding: utf-8
X-Spam-Score: -10.599
Received: from localhost (localhost [127.0.0.1]) by hipster.bestpractical.com (Postfix) with ESMTP id 9F35324073E for <cpan-bug+Text-MicroMason [...] hipster.bestpractical.com>; Mon, 24 May 2010 17:15:32 -0400 (EDT)
Received: from hipster.bestpractical.com ([127.0.0.1]) by localhost (hipster.bestpractical.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id C961fMfAm0PX for <cpan-bug+Text-MicroMason [...] hipster.bestpractical.com>; Mon, 24 May 2010 17:15:28 -0400 (EDT)
Received: from la.mx.develooper.com (x1.develooper.com [207.171.7.70]) by hipster.bestpractical.com (Postfix) with SMTP id 9C4992406EC for <bug-Text-MicroMason [...] rt.cpan.org>; Mon, 24 May 2010 17:15:27 -0400 (EDT)
Received: (qmail 11855 invoked by uid 103); 24 May 2010 21:16:06 -0000
Received: from x16.dev (10.0.100.26) by x1.dev with QMQP; 24 May 2010 21:16:06 -0000
Received: from mail8.sea5.speakeasy.net (HELO mail8.sea5.speakeasy.net) (69.17.117.53) by 16.mx.develooper.com (qpsmtpd/0.80) with ESMTP; Mon, 24 May 2010 14:16:03 -0700
Received: (qmail 11231 invoked from network); 24 May 2010 21:16:00 -0000
Received: from dsl093-061-113.pit1.dsl.speakeasy.net (HELO [10.6.64.10]) (ferrency [...] [66.93.61.113]) (envelope-sender <alan [...] ferrency.com>) by mail8.sea5.speakeasy.net (qmail-ldap-1.03) with AES256-SHA encrypted SMTP for <bug-Text-MicroMason [...] rt.cpan.org>; 24 May 2010 21:15:59 -0000
Delivered-To: cpan-bug+Text-MicroMason [...] hipster.bestpractical.com
Subject: Re: [rt.cpan.org #57797] Safe-2.27 breaks t/32-safe.t
Return-Path: <alan [...] ferrency.com>
X-Spam-Check-BY: 16.mx.develooper.com
X-Original-To: cpan-bug+Text-MicroMason [...] hipster.bestpractical.com
X-RT-Mail-Extension: text-micromason
Date: Mon, 24 May 2010 17:15:51 -0400 (EDT)
X-Spam-Level:
To: "ntyni [...] iki.fi via RT" <bug-Text-MicroMason [...] rt.cpan.org>
From: alan [...] ferrency.com
RT-Message-ID: <rt-3.8.HEAD-6784-1274735773-1334.57797-0-0 [...] rt.cpan.org>
Content-Length: 2147
Hi, The limitation I'm facing here seems to be that code executed within a Safe compartment doesn't seem to be able to call methods on objects that are stored in lexical variables (in this case, variables lexically enclosed within a coderef). It looks like those objects can't see any of the code in packages they're supposed to be inheriting from. The intent of the MicroMason code that was broken here is to expose only a limited subset of an object's methods to the interior of the Safe container. Do you know if there is any official way to do this correctly with Safe? I'm sorry I didn't pay attention to these bug reports earlier, I forgot that 5.12 was actually released :) Thanks for your help, Alan On Mon, 24 May 2010, ntyni@iki.fi via RT wrote: Show quoted text
> Mon May 24 07:50:36 2010: Request 57797 was acted upon. > Transaction: Ticket created by ntyni@iki.fi > Queue: Text-MicroMason > Subject: Safe-2.27 breaks t/32-safe.t > Broken in: 2.09 > Severity: Important > Owner: Nobody > Requestors: ntyni@iki.fi > Status: new > Ticket <URL: https://rt.cpan.org/Ticket/Display.html?id=57797 > > > > Recent CPAN tester failures, for example this: > > http://www.cpantesters.org/cpan/report/07267833-b19f-3f77-b713-d32bba55d77f > > are caused by Safe.pm 2.27, which now wraps code refs returned from reval(). > > The symptoms are errors like > > Can't locate package Class::MixinFactory::HasAFactory for > @Text::MicroMason::Base::AUTO::Safe_HTMLMason::ISA at > blib/lib/Text/MicroMason/Safe.pm line 39. > Can't locate package Class::MixinFactory::NEXT for > @Text::MicroMason::Base::AUTO::Safe_HTMLMason::ISA at > blib/lib/Text/MicroMason/Safe.pm line 39. > (in cleanup) MicroMason execution failed: Can't locate object > method "execute" via package > "Text::MicroMason::Base::AUTO::Safe_HTMLMason" (perhaps you forgot to > load "Text::MicroMason::Base::AUTO::Safe_HTMLMason"?) at > blib/lib/Text/MicroMason/Safe.pm line 39. > > > As Safe-2.27 is bundled with Perl 5.12.1, this will bite quite many people. > > Thanks for your work on Text-MicroMason, > -- > Niko Tyni (Debian Perl Group) > ntyni@debian.org >
From ntyni [...] cc.helsinki.fi Tue May 25 05: 10:31 2010
MIME-Version: 1.0
X-Spam-Status: No, score=-10.599 tagged_above=-99.9 required=10 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_HI=-8] autolearn=ham
In-Reply-To: <rt-3.8.HEAD-6784-1274735776-138.57797-6-0 [...] rt.cpan.org>
Content-Disposition: inline
X-Spam-Flag: NO
References: <RT-Ticket-57797 [...] rt.cpan.org> <rt-3.8.HEAD-6772-1274701838-1233.57797-4-0 [...] rt.cpan.org> <20100524170711.E7418 [...] ferrency.com> <rt-3.8.HEAD-6784-1274735776-138.57797-6-0 [...] rt.cpan.org>
X-Antivirus: VAMS
X-Virus-Scanned: Debian amavisd-new at bestpractical.com
Message-ID: <20100525091056.GA27720 [...] madeleine.local.invalid>
Content-Type: text/plain; charset="utf-8"
X-RT-Original-Encoding: utf-8
X-Spam-Score: -10.599
Received: from localhost (localhost [127.0.0.1]) by hipster.bestpractical.com (Postfix) with ESMTP id BE83E2407C9 for <cpan-bug+Text-MicroMason [...] hipster.bestpractical.com>; Tue, 25 May 2010 05:10:31 -0400 (EDT)
Received: from hipster.bestpractical.com ([127.0.0.1]) by localhost (hipster.bestpractical.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Pno9M-I8pqeL for <cpan-bug+Text-MicroMason [...] hipster.bestpractical.com>; Tue, 25 May 2010 05:10:25 -0400 (EDT)
Received: from la.mx.develooper.com (x1.develooper.com [207.171.7.70]) by hipster.bestpractical.com (Postfix) with SMTP id A3202240718 for <bug-Text-MicroMason [...] rt.cpan.org>; Tue, 25 May 2010 05:10:24 -0400 (EDT)
Received: (qmail 4062 invoked by uid 103); 25 May 2010 09:11:03 -0000
Received: from x16.dev (10.0.100.26) by x1.dev with QMQP; 25 May 2010 09:11:03 -0000
Received: from emh02.mail.saunalahti.fi (HELO emh02.mail.saunalahti.fi) (62.142.5.108) by 16.mx.develooper.com (qpsmtpd/0.80) with ESMTP; Tue, 25 May 2010 02:11:01 -0700
Received: from saunalahti-vams (vs3-11.mail.saunalahti.fi [62.142.5.95]) by emh02-2.mail.saunalahti.fi (Postfix) with SMTP id 9249CEF348 for <bug-Text-MicroMason [...] rt.cpan.org>; Tue, 25 May 2010 12:10:57 +0300 (EEST)
Received: from emh01.mail.saunalahti.fi ([62.142.5.107]) by vs3-11.mail.saunalahti.fi ([62.142.5.95]) with SMTP (gateway) id A0430B86D50; Tue, 25 May 2010 12:10:57 +0300
Received: from madeleine.local.invalid (a91-156-179-41.elisa-laajakaista.fi [91.156.179.41]) by emh01.mail.saunalahti.fi (Postfix) with ESMTP id 84226404C for <bug-Text-MicroMason [...] rt.cpan.org>; Tue, 25 May 2010 12:10:56 +0300 (EEST)
Received: from niko by madeleine.local.invalid with local (Exim 4.71) (envelope-from <ntyni [...] cc.helsinki.fi>) id 1OGqA4-0005BC-8q for bug-Text-MicroMason [...] rt.cpan.org; Tue, 25 May 2010 12:10:56 +0300
Delivered-To: cpan-bug+Text-MicroMason [...] hipster.bestpractical.com
Subject: Re: [rt.cpan.org #57797] Safe-2.27 breaks t/32-safe.t
User-Agent: Mutt/1.5.20 (2009-06-14)
Return-Path: <ntyni [...] cc.helsinki.fi>
X-Spam-Check-BY: 16.mx.develooper.com
X-Original-To: cpan-bug+Text-MicroMason [...] hipster.bestpractical.com
X-RT-Mail-Extension: text-micromason
Date: Tue, 25 May 2010 12:10:56 +0300
X-Spam-Level:
To: "alan [...] ferrency.com via RT" <bug-Text-MicroMason [...] rt.cpan.org>
Content-Transfer-Encoding: quoted-printable
From: Niko Tyni <ntyni [...] iki.fi>
RT-Message-ID: <rt-3.8.HEAD-6776-1274778673-785.57797-0-0 [...] rt.cpan.org>
Content-Length: 896
Download (untitled) / with headers
text/plain 896b
On Mon, May 24, 2010 at 05:16:21PM -0400, alan@ferrency.com via RT wrote: Show quoted text
Show quoted text
> The limitation I'm facing here seems to be that code executed within a > Safe compartment doesn't seem to be able to call methods on objects that > are stored in lexical variables (in this case, variables lexically > enclosed within a coderef). It looks like those objects can't see any of > the code in packages they're supposed to be inheriting from. > > The intent of the MicroMason code that was broken here is to expose only > a limited subset of an object's methods to the interior of the Safe > container. Do you know if there is any official way to do this correctly > with Safe?
Sorry, I can't really say offhand, nor can I find a solution easily. I suppose you could ask the Safe maintainer Rafaël Garcia-Suarez. -- Niko Tyni ntyni@debian.org
From alan [...] ferrency.com Tue May 25 11: 28:46 2010
MIME-Version: 1.0
X-Spam-Status: No, score=-10.599 tagged_above=-99.9 required=10 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_HI=-8] autolearn=ham
In-Reply-To: <rt-3.8.HEAD-6776-1274778674-726.57797-5-0 [...] rt.cpan.org>
X-Spam-Flag: NO
References: <RT-Ticket-57797 [...] rt.cpan.org> <rt-3.8.HEAD-6772-1274701838-1233.57797-4-0 [...] rt.cpan.org> <20100524170711.E7418 [...] ferrency.com> <rt-3.8.HEAD-6784-1274735776-138.57797-6-0 [...] rt.cpan.org> <20100525091056.GA27720 [...] madeleine.local.invalid> <rt-3.8.HEAD-6776-1274778674-726.57797-5-0 [...] rt.cpan.org>
X-Virus-Checked: Checked by ClamAV on 16.mx.develooper.com
X-Virus-Scanned: Debian amavisd-new at bestpractical.com
Message-ID: <20100525112619.U7418 [...] ferrency.com>
X-Spam-Score: -10.599
Received: from localhost (localhost [127.0.0.1]) by hipster.bestpractical.com (Postfix) with ESMTP id 1721E2407C9 for <cpan-bug+Text-MicroMason [...] hipster.bestpractical.com>; Tue, 25 May 2010 11:28:46 -0400 (EDT)
Received: from hipster.bestpractical.com ([127.0.0.1]) by localhost (hipster.bestpractical.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Ba49iEzl76g5 for <cpan-bug+Text-MicroMason [...] hipster.bestpractical.com>; Tue, 25 May 2010 11:28:41 -0400 (EDT)
Received: from la.mx.develooper.com (x1.develooper.com [207.171.7.70]) by hipster.bestpractical.com (Postfix) with SMTP id 5C62324075D for <bug-Text-MicroMason [...] rt.cpan.org>; Tue, 25 May 2010 11:28:41 -0400 (EDT)
Received: (qmail 8321 invoked by uid 103); 25 May 2010 15:29:20 -0000
Received: from x16.dev (10.0.100.26) by x1.dev with QMQP; 25 May 2010 15:29:20 -0000
Received: from mail6.sea5.speakeasy.net (HELO mail6.sea5.speakeasy.net) (69.17.117.50) by 16.mx.develooper.com (qpsmtpd/0.80) with ESMTP; Tue, 25 May 2010 08:29:18 -0700
Received: (qmail 4854 invoked from network); 25 May 2010 15:29:15 -0000
Received: from dsl093-061-113.pit1.dsl.speakeasy.net (HELO [10.6.64.10]) (ferrency [...] [66.93.61.113]) (envelope-sender <alan [...] ferrency.com>) by mail6.sea5.speakeasy.net (qmail-ldap-1.03) with AES256-SHA encrypted SMTP for <bug-Text-MicroMason [...] rt.cpan.org>; 25 May 2010 15:29:15 -0000
Delivered-To: cpan-bug+Text-MicroMason [...] hipster.bestpractical.com
Subject: Re: [rt.cpan.org #57797] Safe-2.27 breaks t/32-safe.t
Return-Path: <alan [...] ferrency.com>
X-Spam-Check-BY: 16.mx.develooper.com
X-Original-To: cpan-bug+Text-MicroMason [...] hipster.bestpractical.com
X-RT-Mail-Extension: text-micromason
Date: Tue, 25 May 2010 11:29:07 -0400 (EDT)
X-Spam-Level:
To: "ntyni [...] iki.fi via RT" <bug-Text-MicroMason [...] rt.cpan.org>
From: alan [...] ferrency.com
RT-Message-ID: <rt-3.8.HEAD-6786-1274801368-766.57797-0-0 [...] rt.cpan.org>
Content-Type: TEXT/PLAIN; charset="utf-8"; format="flowed"
Content-Transfer-Encoding: QUOTED-PRINTABLE
Content-Length: 1626
Download (untitled) / with headers
text/plain 1.5k
Do you use the safe_methods feature of Text::MicroMason? I'm afraid that I may have to stop supporting it, or stop supporting it in a truly safe way. I'm not sure if the problem in actual practice is that safe_methods doesn't work, or if the problem is that some tests fail and they need to stop yelling. It's hard to know what to do with this without knowing how it is being used. But I think it will be very hard or impossible to get safe_methods to work within the new version of Safe, since safe_methods isn't actually very safe. Thanks, Alan On Tue, 25 May 2010, ntyni@iki.fi via RT wrote: Show quoted text
> Queue: Text-MicroMason > Ticket <URL: https://rt.cpan.org/Ticket/Display.html?id=57797 > > > On Mon, May 24, 2010 at 05:16:21PM -0400, alan@ferrency.com via RT wrote: >
>> The limitation I'm facing here seems to be that code executed within a >> Safe compartment doesn't seem to be able to call methods on objects that >> are stored in lexical variables (in this case, variables lexically >> enclosed within a coderef). It looks like those objects can't see any of >> the code in packages they're supposed to be inheriting from. >> >> The intent of the MicroMason code that was broken here is to expose only >> a limited subset of an object's methods to the interior of the Safe >> container. Do you know if there is any official way to do this correctly >> with Safe?
> > Sorry, I can't really say offhand, nor can I find a solution easily. > > I suppose you could ask the Safe maintainer Rafaël Garcia-Suarez. > -- > Niko Tyni ntyni@debian.org > > >
From simonm [...] cavalletto.org Tue May 25 11: 38:40 2010
MIME-Version: 1.0 (Apple Message framework v1078)
X-Spam-Status: No, score=-10.599 tagged_above=-99.9 required=10 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_HI=-8] autolearn=ham
In-Reply-To: <rt-3.8.HEAD-6784-1274735776-537.57797-5-0 [...] rt.cpan.org>
X-Mailer: Apple Mail (2.1078)
X-Spam-Flag: NO
References: <RT-Ticket-57797 [...] rt.cpan.org> <rt-3.8.HEAD-6772-1274701838-1233.57797-4-0 [...] rt.cpan.org> <20100524170711.E7418 [...] ferrency.com> <rt-3.8.HEAD-6784-1274735776-537.57797-5-0 [...] rt.cpan.org>
X-Virus-Scanned: Debian amavisd-new at bestpractical.com
Content-Type: text/plain; charset="utf-8"
Message-ID: <B0E1539F-BAA3-46AB-9CC2-4AA21429A1A4 [...] cavalletto.org>
X-RT-Original-Encoding: utf-8
X-Spam-Score: -10.599
Received: from localhost (localhost [127.0.0.1]) by hipster.bestpractical.com (Postfix) with ESMTP id 6096624075D for <cpan-bug+Text-MicroMason [...] hipster.bestpractical.com>; Tue, 25 May 2010 11:38:40 -0400 (EDT)
Received: from hipster.bestpractical.com ([127.0.0.1]) by localhost (hipster.bestpractical.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id KEV-I+0uxUDE for <cpan-bug+Text-MicroMason [...] hipster.bestpractical.com>; Tue, 25 May 2010 11:38:38 -0400 (EDT)
Received: from la.mx.develooper.com (x1.develooper.com [207.171.7.70]) by hipster.bestpractical.com (Postfix) with SMTP id 4665124072A for <bug-Text-MicroMason [...] rt.cpan.org>; Tue, 25 May 2010 11:38:37 -0400 (EDT)
Received: (qmail 9779 invoked by uid 103); 25 May 2010 15:39:17 -0000
Received: from x16.dev (10.0.100.26) by x1.dev with QMQP; 25 May 2010 15:39:17 -0000
Received: from mail2.panix.com (HELO mail2.panix.com) (166.84.1.73) by 16.mx.develooper.com (qpsmtpd/0.80) with ESMTP; Tue, 25 May 2010 08:39:15 -0700
Received: from mailbackend.panix.com (mailbackend.panix.com [166.84.1.89]) by mail2.panix.com (Postfix) with ESMTP id 48A9338E43 for <bug-Text-MicroMason [...] rt.cpan.org>; Tue, 25 May 2010 11:39:12 -0400 (EDT)
Received: from [10.0.1.7] (cpe-69-204-244-93.nyc.res.rr.com [69.204.244.93]) by mailbackend.panix.com (Postfix) with ESMTP id DFC3D2FAF8 for <bug-Text-MicroMason [...] rt.cpan.org>; Tue, 25 May 2010 11:39:11 -0400 (EDT)
Delivered-To: cpan-bug+Text-MicroMason [...] hipster.bestpractical.com
Subject: Re: [rt.cpan.org #57797] Safe-2.27 breaks t/32-safe.t
Return-Path: <simonm [...] cavalletto.org>
X-Spam-Check-BY: 16.mx.develooper.com
X-Original-To: cpan-bug+Text-MicroMason [...] hipster.bestpractical.com
X-RT-Mail-Extension: text-micromason
Date: Tue, 25 May 2010 11:39:11 -0400
X-Spam-Level:
To: bug-Text-MicroMason [...] rt.cpan.org
Content-Transfer-Encoding: quoted-printable
From: Matthew Simon Ryan Cavalletto <simonm [...] cavalletto.org>
RT-Message-ID: <rt-3.8.HEAD-6774-1274801961-272.57797-0-0 [...] rt.cpan.org>
Content-Length: 1228
Download (untitled) / with headers
text/plain 1.1k
On May 24, 2010, at 5:16 PM, alan@ferrency.com via RT wrote: Show quoted text
> Ticket <URL: https://rt.cpan.org/Ticket/Display.html?id=57797 > > > The limitation I'm facing here seems to be that code executed within a > Safe compartment doesn't seem to be able to call methods on objects that > are stored in lexical variables (in this case, variables lexically > enclosed within a coderef). It looks like those objects can't see any of > the code in packages they're supposed to be inheriting from. > > The intent of the MicroMason code that was broken here is to expose only > a limited subset of an object's methods to the interior of the Safe > container. Do you know if there is any official way to do this correctly > with Safe?
I spent a few minutes looking into this yesterday, and at first glance it looks like Safe::Hole would do what we need: cause the anonymous subroutine references constructed on line 39 of Text::MicroMason::Safe to be executed in the main compartment rather than inside the safe compartment. I haven't used Safe::Hole before, so it'll take some trial and error, and it might turn out that Safe::Hole doesn't work with the latest version of Safe, but other than that it seems workable in theory... -Simon
From alan [...] ferrency.com Wed May 26 12: 59:46 2010
MIME-Version: 1.0
X-Spam-Status: No, score=-10.599 tagged_above=-99.9 required=10 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_HI=-8] autolearn=ham
In-Reply-To: <rt-3.8.HEAD-6774-1274801962-1587.57797-5-0 [...] rt.cpan.org>
X-Spam-Flag: NO
References: <RT-Ticket-57797 [...] rt.cpan.org> <rt-3.8.HEAD-6772-1274701838-1233.57797-4-0 [...] rt.cpan.org> <20100524170711.E7418 [...] ferrency.com> <rt-3.8.HEAD-6784-1274735776-537.57797-5-0 [...] rt.cpan.org> <B0E1539F-BAA3-46AB-9CC2-4AA21429A1A4 [...] cavalletto.org> <rt-3.8.HEAD-6774-1274801962-1587.57797-5-0 [...] rt.cpan.org>
X-Virus-Scanned: Debian amavisd-new at bestpractical.com
Message-ID: <20100526125843.R7418 [...] ferrency.com>
Content-Type: TEXT/PLAIN; charset="utf-8"; format="flowed"
X-RT-Original-Encoding: utf-8
X-Spam-Score: -10.599
Received: from localhost (localhost [127.0.0.1]) by hipster.bestpractical.com (Postfix) with ESMTP id 5E043240807 for <cpan-bug+Text-MicroMason [...] hipster.bestpractical.com>; Wed, 26 May 2010 12:59:46 -0400 (EDT)
Received: from hipster.bestpractical.com ([127.0.0.1]) by localhost (hipster.bestpractical.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id msndvX-K77OA for <cpan-bug+Text-MicroMason [...] hipster.bestpractical.com>; Wed, 26 May 2010 12:59:44 -0400 (EDT)
Received: from la.mx.develooper.com (x1.develooper.com [207.171.7.70]) by hipster.bestpractical.com (Postfix) with SMTP id 347B52407F0 for <bug-Text-MicroMason [...] rt.cpan.org>; Wed, 26 May 2010 12:59:43 -0400 (EDT)
Received: (qmail 4932 invoked by uid 103); 26 May 2010 17:00:24 -0000
Received: from x16.dev (10.0.100.26) by x1.dev with QMQP; 26 May 2010 17:00:24 -0000
Received: from mail7.sea5.speakeasy.net (HELO mail7.sea5.speakeasy.net) (69.17.117.52) by 16.mx.develooper.com (qpsmtpd/0.80) with ESMTP; Wed, 26 May 2010 10:00:22 -0700
Received: (qmail 32232 invoked from network); 26 May 2010 17:00:19 -0000
Received: from dsl093-061-113.pit1.dsl.speakeasy.net (HELO [10.6.64.10]) (ferrency [...] [66.93.61.113]) (envelope-sender <alan [...] ferrency.com>) by mail7.sea5.speakeasy.net (qmail-ldap-1.03) with AES256-SHA encrypted SMTP for <bug-Text-MicroMason [...] rt.cpan.org>; 26 May 2010 17:00:19 -0000
Delivered-To: cpan-bug+Text-MicroMason [...] hipster.bestpractical.com
Subject: Re: [rt.cpan.org #57797] Safe-2.27 breaks t/32-safe.t
Return-Path: <alan [...] ferrency.com>
X-Spam-Check-BY: 16.mx.develooper.com
X-Original-To: cpan-bug+Text-MicroMason [...] hipster.bestpractical.com
X-RT-Mail-Extension: text-micromason
Date: Wed, 26 May 2010 13:00:10 -0400 (EDT)
X-Spam-Level:
To: "simonm [...] cavalletto.org via RT" <bug-Text-MicroMason [...] rt.cpan.org>
From: alan [...] ferrency.com
RT-Message-ID: <rt-3.8.HEAD-10892-1274893228-1584.57797-0-0 [...] rt.cpan.org>
Content-Length: 1711
Download (untitled) / with headers
text/plain 1.6k
I'm not sure if it's a great idea to add a dependency to Safe::Hole by default. If it's possible to use Safe::Hole optionally and only if you use safe_methods, that would be preferrred. Safe::Hole does seem to pass tests with the latest Safe, but I'm not sure if it actually works or not, yet. Alan On Tue, 25 May 2010, simonm@cavalletto.org via RT wrote: Show quoted text
> Queue: Text-MicroMason > Ticket <URL: https://rt.cpan.org/Ticket/Display.html?id=57797 > > > On May 24, 2010, at 5:16 PM, alan@ferrency.com via RT wrote: >
>> Ticket <URL: https://rt.cpan.org/Ticket/Display.html?id=57797 > >> >> The limitation I'm facing here seems to be that code executed within a >> Safe compartment doesn't seem to be able to call methods on objects that >> are stored in lexical variables (in this case, variables lexically >> enclosed within a coderef). It looks like those objects can't see any of >> the code in packages they're supposed to be inheriting from. >> >> The intent of the MicroMason code that was broken here is to expose only >> a limited subset of an object's methods to the interior of the Safe >> container. Do you know if there is any official way to do this correctly >> with Safe?
> > I spent a few minutes looking into this yesterday, and at first glance > it looks like Safe::Hole would do what we need: cause the anonymous > subroutine references constructed on line 39 of Text::MicroMason::Safe > to be executed in the main compartment rather than inside the safe > compartment. > > I haven't used Safe::Hole before, so it'll take some trial and error, > and it might turn out that Safe::Hole doesn't work with the latest > version of Safe, but other than that it seems workable in theory... >
MIME-Version: 1.0
In-Reply-To: <rt-3.8.HEAD-6774-1274801961-272.57797-0-0 [...] rt.cpan.org>
X-Mailer: MIME-tools 5.427 (Entity 5.427)
Content-Disposition: inline
References: <RT-Ticket-57797 [...] rt.cpan.org> <rt-3.8.HEAD-6772-1274701838-1233.57797-4-0 [...] rt.cpan.org> <20100524170711.E7418 [...] ferrency.com> <rt-3.8.HEAD-6784-1274735776-537.57797-5-0 [...] rt.cpan.org> <B0E1539F-BAA3-46AB-9CC2-4AA21429A1A4 [...] cavalletto.org> <rt-3.8.HEAD-6774-1274801961-272.57797-0-0 [...] rt.cpan.org>
Content-Type: text/plain; charset="UTF-8"
Message-ID: <rt-3.8.HEAD-10893-1276272066-972.57797-0-0 [...] rt.cpan.org>
Content-Transfer-Encoding: binary
X-RT-Original-Encoding: utf-8
Content-Length: 965
Download (untitled) / with headers
text/plain 965b
On Tue May 25 11:39:21 2010, simonm@cavalletto.org wrote: Show quoted text
> > I spent a few minutes looking into this yesterday, and at first glance > it looks like Safe::Hole would do what we need: cause the anonymous > subroutine references constructed on line 39 of > Text::MicroMason::Safe to be executed in the main compartment > rather than inside the safe compartment. > > I haven't used Safe::Hole before, so it'll take some trial and error, > and it might turn out that Safe::Hole doesn't work with the latest > version of Safe, but other than that it seems workable in theory...
Unfortunately, Safe::Hole just looks like a candy coated Safe::varglob and/or Safe::share. I don't think it'll give us anything that Safe doesn't already provide, except some ease of use if we happen to want to do what Safe::Hole does best. However, I finally have a bit of time to look into this, so I'm going to see if there's anything else I can do about it. Alan
MIME-Version: 1.0
In-Reply-To: <rt-3.8.HEAD-10893-1276272066-972.57797-0-0 [...] rt.cpan.org>
X-Mailer: MIME-tools 5.427 (Entity 5.427)
Content-Disposition: inline
References: <RT-Ticket-57797 [...] rt.cpan.org> <rt-3.8.HEAD-6772-1274701838-1233.57797-4-0 [...] rt.cpan.org> <20100524170711.E7418 [...] ferrency.com> <rt-3.8.HEAD-6784-1274735776-537.57797-5-0 [...] rt.cpan.org> <B0E1539F-BAA3-46AB-9CC2-4AA21429A1A4 [...] cavalletto.org> <rt-3.8.HEAD-6774-1274801961-272.57797-0-0 [...] rt.cpan.org> <rt-3.8.HEAD-10893-1276272066-972.57797-0-0 [...] rt.cpan.org>
Content-Type: text/plain; charset="UTF-8"
Message-ID: <rt-3.8.HEAD-10878-1276273874-1724.57797-0-0 [...] rt.cpan.org>
Content-Transfer-Encoding: binary
X-RT-Original-Encoding: utf-8
RT-Send-CC: simonm [...] cavalletto.org
Content-Length: 2126
Reading the Safe::Hole pod: It works with the new Safe, but it doesn't do what we want. Specifically, although I'm not sure I'm interpreting it correctly, this seems to be the crux: DESCRIPTION We can call outside defined subroutines from the Safe compartment using share(), or can call methods through the object that is copied into the Safe compartment using varglob(). But that subroutines or methods are executed in the Safe compartment too, so they cannot call another subroutines that are dinamically qualified with the package name such as class methods nor can they compile code that uses opcodes that are forbidden within the compartment. That is: Safe::Hole lets the Safe compartment see things outside the Safe compartment (just like share/varglob/share_from), but those things are still executed inside the safe compartment. This won't do what we want. I've tried directly using Safe's share() on the internal safe_facade coderefs which the new Safe is wrapping with "wrap_code_refs_within" but that does nothing useful, as expected, since sharing still doesn't allow code outside the Safe compartment to be called. The basic limitation here is: the entire package code for $m is unavailable inside the Safe compartment, therefore we can't call any class methods of $m within the compartment. I don't see any easy way around this. The old safe_facade arguably took advantage of a bug in Safe to work the way it did. If we wrapped the entire class structure inside the safe compartment, we could give access to $m's class hierarchy within the Safe. However, not only is this a huge undertaking, it's also the direct opposite of safe. This would allow execution of all methods defined in that class hierarchy and not only the ones that are deemed safe_methods. The only option I can see at this point is deprecating the safe_methods parameter, and disallow the use of $m within a Safe MicroMason template call. I'm open to ideas, but I am likely to implement this unfortunately draconian restriction unless a better path is revealed. Thanks, Alan
MIME-Version: 1.0
X-Mailer: MIME-tools 5.427 (Entity 5.427)
Content-Disposition: inline
Content-Type: text/plain; charset="UTF-8"
Message-ID: <rt-3.8.HEAD-2911-1277826755-1087.57797-0-0 [...] rt.cpan.org>
Content-Transfer-Encoding: binary
X-RT-Original-Encoding: utf-8
Content-Length: 390
Download (untitled) / with headers
text/plain 390b
I just uploaded Text::MicroMason version 2.10. This version deprecates safe_methods, and skips tests related to it. Pod is updated with a brief description of why the deprecation was necessary. If anyone can find a suitable patch for this I will accept it, but it seems that the older versions of MicroMason were taking advantage of a bug in Safe to provide safe_methods. Thanks, Alan
MIME-Version: 1.0
X-Mailer: MIME-tools 5.427 (Entity 5.427)
Content-Disposition: inline
Content-Type: text/plain; charset="UTF-8"
Message-ID: <rt-3.8.HEAD-2364-1278424592-1918.57797-0-0 [...] rt.cpan.org>
Content-Transfer-Encoding: binary
X-RT-Original-Encoding: utf-8
Content-Length: 277
Download (untitled) / with headers
text/plain 277b
This is fixed in Text::MicroMason 2.10. A bug in Safe.pm causes the Safe 2.27 test suite to fail under Perl 5.13.1 and Perl 5.13.2; that bug also causes MicroMason to fail t/32 and t/85. That can be dealt with in a separate ticket, if a patched Safe.pm doesn't fix it. Alan


This service is sponsored and maintained by Best Practical Solutions and runs on Perl.org infrastructure.

Please report any issues with rt.cpan.org to rt-cpan-admin@bestpractical.com.