[Dxspider-support] cPanel problems
Dirk Koopman
djk at tobit.co.uk
Mon Jan 14 08:14:46 GMT 2013
It appears that cPanel overrides the system perl on any system that it
is installed on. This means that any system running DXSpider that also
has cPanel installed upon will be running cPanel's version of perl.
Due to the nature of what cPanel does (wiz: allows one to sysadmin the
whole machine remotely) it needs to do things as 'root' from time to
time. It turns out that one of the modules it uses, called "Storable",
is also used by DXSpider for serialising various bits of binary data
(such the User file).
Unfortunately, they have identified that - for their usage - this allows
the UnGodly to do various privilege escalation hacking attacks on cPanel
through Storable. So they have modified Storable in such a way to
prevent this. This has the unwanted side effect of stopping DXSpider in
its tracks. See the following:
****
This is a notice that cPanel has apparently begun shipping a fork of
Storable.pm which reports to be version "2.39_01", and which by default
does not bless objects during deserialization. This, unsurprisingly,
breaks any number of things; we've begun getting bug reports[1] from
administrators of RT whose installs have mysteriously been broken by
cPanel upgrading their perl install.
Core perl chose to document the issue[2] and release 2.40, but cPanel
seems to have decided to release their own fork of Storable into the
wild[3], under the same name, which breaks backwards compatibility. The
cPanel fork looks to actually be an extensive set of patches atop
version 2.25 (or thereabouts) of Storable, and thus does not contain a
number of changes included in the CPAN/core release of 2.40 -- but the
"2.39_01" release is the first to obviously break compatibility with the
canonical version.
- Alex
[1]
http://issues.bestpractical.com/Ticket/Display.html?id=21765&user=guest&pass
=guest
[2]
http://perl5.git.perl.org/perl.git/commitdiff/664f237a84176c09b20b62dbfe64dd
736a7ce05e
[3]
http://cpanel.net/important-11-30-11-32-11-34-cpanel-whm-updates-available/
****
I am very grateful to Howard W6HN for finding this explanation for me to
share with you all.
However, this leaves me with a bit of a problem. As (just now) I cannot
see a sensible work around that will not add extra packages to the
installation or may break Windows compatibility and generally cause
complications.
But I am working on it.
Dirk G1TLH
More information about the Dxspider-support
mailing list