[Zope-Perl] Security and CODE

Kulp, David David_Kulp@affymetrix.com
Mon, 26 Mar 2001 20:21:27 -0800


Thanks all for helping me out.  Somehow I missed the security discussion at
the top of SampleApp (although I definitely understand how to get stock
quotes).  Casting to Python objects solves the problem nicely except when I
try to run the perl code outside of Zope.  Using Python causes a fatal
error.  I.e. "use Python;" results in

Can't load '/usr/local/ActivePerl-5.6.1-TRIAL2/lib/site_perl/5.6.1/i686-linux-thread-multi/auto/Python/Object/Object.so' for module Python::Object: /usr/local/ActivePerl-5.6.1-TRIAL2/lib/site_perl/5.6.1/i686-linux-thread-multi/auto/Python/Object/Object.so: undefined symbol: PyExc_ArithmeticError at /usr/local/ActivePerl-5.6.1-TRIAL2/lib/5.6.1/i686-linux-thread-multi/DynaLoader.pm line 206.
 at /usr/local/ActivePerl-5.6.1-TRIAL2/lib/site_perl/5.6.1/i686-linux-thread-multi/Python.pm line 3
Compilation failed in require at /usr/local/ActivePerl-5.6.1-TRIAL2/lib/site_perl/5.6.1/i686-linux-thread-multi/Python.pm line 3.
Compilation failed in require at blarg.pm line 8.
BEGIN failed--compilation aborted at blarg.pm line 8.
Compilation failed in require at /home/dkulp/Zope-2.3.0-src/Extensions/ZopeExt/blarg.pl line 1.
BEGIN failed--compilation aborted at /home/dkulp/Zope-2.3.0-src/Extensions/ZopeExt/blarg.pl line 1.

What's even stranger is that if I run the perl debugger and type 'use
Python' I will get the above error the first time, but if I type it a second
time it will succeed!

-d

-----Original Message-----
From: Gisle Aas [mailto:gisle@ActiveState.com]
Sent: Monday, March 26, 2001 12:50 PM
To: David Kulp
Cc: zope-perl@zope.org
Subject: Re: [Zope-Perl] Security and CODE


David Kulp <David_Kulp@affymetrix.com> writes:

> My problem: I cannot get Perl scripts to return hash refs.  Returning
> references to hashes causes a security violation like
> below (why?).

I'm not sure what the end result was about what needed modification to get
the SecurityManager to play nice with perl hashes and perl arrays.  For
now I suggest you avoid returning them if you want Python methods or DTML
to manipulate them.  Should be fine if you only pass them through.

> Similar problem with array refs.
> 
> Perl script is simple:
> 
> my %a = ('a',2);
> return \%a;

You could transform the hash into a python dict by changing the return
statement to be:

   return Python::dict(%a);

> DTML is simple:
> 
> The value is <dtml-let x="perlref()"><dtml-var expr="x.get('a')"></dtml-let>
> 
> 
> I've studied the examples on zwiki and I believe I'm doing things
> correctly!  I've tried too many minor modifications in syntax, using
> explicit vars, etc., but no dice.
> 
> What's even stranger is that I also have an external Perl script that I've
> boiled down at this point to just "return [ 1, 2 ];" and there's a
> corresponding <dtml-let rec="func(...)"><dtml-in rec>...
> and I get the error "Error Type: PerlError.  Error Value: Not a CODE
> reference" on the <dtml-in>.  I have the same problem if I
> "return { 1, 2 }".   No problem at all when just "return 2;" with
> <dtml-let rec="func(...)"><dtml-var rec>.  

Returning Python::list() values from the Perl method should work.

--Gisle