[Dxspider-support] cPanel problems

Dirk Koopman djk at tobit.co.uk
Mon Jan 14 08:14:46 GMT 2013 

It appears that cPanel overrides the system perl on any system that it 
is installed on. This means that any system running DXSpider that also 
has cPanel installed upon will be running cPanel's version of perl.

Due to the nature of what cPanel does (wiz: allows one to sysadmin the 
whole machine remotely) it needs to do things as 'root' from time to 
time. It turns out that one of the modules it uses, called "Storable", 
is also used by DXSpider for serialising various bits of binary data 
(such the User file).

Unfortunately, they have identified that - for their usage - this allows 
the UnGodly to do various privilege escalation hacking attacks on cPanel 
through Storable. So they have modified Storable in such a way to 
prevent this. This has the unwanted side effect of stopping DXSpider in 
its tracks. See the following:

****
  This is a notice that cPanel has apparently begun shipping a fork of
Storable.pm which reports to be version "2.39_01", and which by default
does not bless objects during deserialization.  This, unsurprisingly,
breaks any number of things; we've begun getting bug reports[1] from
administrators of RT whose installs have mysteriously been broken by
cPanel upgrading their perl install.
   Core perl chose to document the issue[2] and release 2.40, but cPanel
seems to have decided to release their own fork of Storable into the
wild[3], under the same name, which breaks backwards compatibility.  The
cPanel fork looks to actually be an extensive set of patches atop
version 2.25 (or thereabouts) of Storable, and thus does not contain a
number of changes included in the CPAN/core release of 2.40 -- but the
"2.39_01" release is the first to obviously break compatibility with the
canonical version.
  - Alex

[1]
http://issues.bestpractical.com/Ticket/Display.html?id=21765&user=guest&pass
=guest
[2]
http://perl5.git.perl.org/perl.git/commitdiff/664f237a84176c09b20b62dbfe64dd
736a7ce05e
[3]
http://cpanel.net/important-11-30-11-32-11-34-cpanel-whm-updates-available/
****

I am very grateful to Howard W6HN for finding this explanation for me to 
share with you all.

However, this leaves me with a bit of a problem. As (just now) I cannot 
see a sensible work around that will not add extra packages to the 
installation or may break Windows compatibility and generally cause 
complications.

But I am working on it.

Dirk G1TLH

More information about the Dxspider-support mailing list