Skip Menu |

This queue is for tickets about the IPC-Cmd CPAN distribution.

Report information
The Basics
Id: 127372
Status: new
Priority: 0/
Queue: IPC-Cmd

People
Owner: Nobody in particular
Requestors: nevorotin [...] gmail.com
Cc:
AdminCc:

Bug Information
Severity: (no value)
Broken in: (no value)
Fixed in: (no value)



Subject: Critical bug in IPC::Run
Date: Sun, 14 Oct 2018 17:53:36 +0300
To: bug-IPC-Cmd [...] rt.cpan.org
From: Vadim Nevorotin <nevorotin [...] gmail.com>
When launching run_forked IPC::Run don't do eval {} or smth similar in child process to catch all dies. So if you use run_forked in code like this: sub somesub { # ... run_forked ('program'); # ... } # ... my $a = eval { somesub } if ($@) { # do smth with $@ } you get very dangerous behavior. Both child and parent will continue to run after eval{}. The easiest way to break run_forked is to delete binary which it tries to launch, because there is no catching errors of open3! The problem is very critical because run_forked are often used inside a library functions, which can (and should!) be easily wrapped with eval to catch exceptions. Moreover, to break all program, erase or corrupt data, or even make a forkbomb you simply need to delete a binary when program already and successfully run!