{"id":10,"date":"2005-05-24T05:56:02","date_gmt":"2005-05-24T09:56:02","guid":{"rendered":"http:\/\/blogs.law.harvard.edu\/rlucastemp\/2005\/05\/24\/bug-mailmailer-mailinternet-and-mi"},"modified":"2005-05-24T05:56:02","modified_gmt":"2005-05-24T09:56:02","slug":"bug-mailmailer-mailinternet-and-mimeentity-fork-eval-oddity","status":"publish","type":"post","link":"https:\/\/archive.blogs.harvard.edu\/rlucastemp\/2005\/05\/24\/bug-mailmailer-mailinternet-and-mimeentity-fork-eval-oddity\/","title":{"rendered":"[BUG] Mail::Mailer, Mail::Internet, and MIME::Entity fork \/ eval oddity"},"content":{"rendered":"<p><a name='a73'><\/a><\/p>\n<p>The Perl module Mail::Mailer, and those modules that rely upon it (at<br \/>\nleast, Mail::Internet and MIME::Entity), have an undocumented fork that<br \/>\ncan wreak havoc with your code if you call the send() method within an<br \/>\neval &#123;&#125; block.&nbsp; The solution is to either be very anal about<br \/>\nchecking for PIDs or to use a different means for sending your<br \/>\nmessages, like MIME::Lite.<\/p>\n<p>Briefly, the problem is that the sending procedure forks, using the<br \/>\nopen(&quot;|-&quot;) idiom to create a filehandle for writing to the child, which<br \/>\nimmediately exec()&#8217;s a sendmail (or whatever) process.&nbsp; The parent<br \/>\nreturns the filehandle, to which the message is printed; the filehandle<br \/>\nis then closed for final sending (this is all hidden in the<br \/>\nMail::Internet and MIME::Entity classes&#8217; send() method).&nbsp; However,<br \/>\nif you are running in taint mode with an insecure path (for one<br \/>\nexample), the exec() will fail in the child, and the child will die.<\/p>\n<p>If you were running this in an eval &#123;&#125; block, and didn&#8217;t account for<br \/>\nthe possibility of a fork within the eval &#123;&#125;, you could find that both<br \/>\ncode paths &#8212; the success AND the failure code blocks &#8212; get<br \/>\nexecuted.&nbsp; Since this is 
often done for db transactions or other<br \/>\nthings that might be shared external resources, this could lead to some<br \/>\nnasty race conditions.<\/p>\n<p>In defense of Mail::Mailer, it is *technically* the job of the coder to<br \/>\ncheck on forks, but this argument ad absurdum would have every line<br \/>\nthat calls module code wrapped in an elaborate eval with checking of<br \/>\nthe PIDs.&nbsp; Clearly not OK.<\/p>\n<p>I have explained this bug and opened it up to discussion on<br \/>\nperlmonks.org, at http:\/\/perlmonks.org\/index.pl?node_id=459739 and have<br \/>\nreported the bug in Mail::Mailer under the MailTools distribution at<br \/>\nhttp:\/\/rt.cpan.org\/NoAuth\/Bug.html?id=12890<\/p>\n<p>The workaround at present is to either 1. obsessively check the PIDs<br \/>\nbefore and after the eval, or 2. use MIME::Lite, which appears not to<br \/>\nfork.&nbsp; NOT a valid workaround would be to ignore this because your<br \/>\nexec() hasn&#8217;t died yet or to turn off taint mode.<\/p>\n<p><a href='http:\/\/perlmonks.org\/index.pl?node_id=459739'>[BUG] Mail::Mailer, Mail::Internet, and MIME::Entity fork \/ eval oddity &#8230;<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>The Perl module Mail::Mailer, and those modules that rely upon it (at least, Mail::Internet and MIME::Entity), have an undocumented fork that can wreak havoc with your code if you call the send() method within an eval &#123;&#125; block.&nbsp; The solution is to either be very anal about checking for PIDs or to use a different 
[&hellip;]<\/p>\n","protected":false},"author":1180,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-10","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"jetpack_featured_media_url":"","_links":{"self":[{"href":"https:\/\/archive.blogs.harvard.edu\/rlucastemp\/wp-json\/wp\/v2\/posts\/10","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/archive.blogs.harvard.edu\/rlucastemp\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/archive.blogs.harvard.edu\/rlucastemp\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/archive.blogs.harvard.edu\/rlucastemp\/wp-json\/wp\/v2\/users\/1180"}],"replies":[{"embeddable":true,"href":"https:\/\/archive.blogs.harvard.edu\/rlucastemp\/wp-json\/wp\/v2\/comments?post=10"}],"version-history":[{"count":0,"href":"https:\/\/archive.blogs.harvard.edu\/rlucastemp\/wp-json\/wp\/v2\/posts\/10\/revisions"}],"wp:attachment":[{"href":"https:\/\/archive.blogs.harvard.edu\/rlucastemp\/wp-json\/wp\/v2\/media?parent=10"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/archive.blogs.harvard.edu\/rlucastemp\/wp-json\/wp\/v2\/categories?post=10"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/archive.blogs.harvard.edu\/rlucastemp\/wp-json\/wp\/v2\/tags?post=10"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}