EPIC and taint - Scripts with -T doesn't work

jtil wrote on Sun Dec 24 03:33:12 CET 2006:

Hi,
I can't start Perl CGI-Scripts with taint mode enabled (#!/usr/bin/perl
-T) out of eclipse. I also checked the "Enable taint mode"-box in EPIC preferences
and tried to put a "-T" to the Perl Executable (same preferences window).
The script - when launched - seems to be loaded for half a second or so.
But the browser just stays on the same page and afterwards nothing happens.
The same script works great if I put it on the webserver. 
Would be great if someone could tell me what I'm doing wrong here. Til

jploski wrote on Sun Dec 24 15:26:01 CET 2006:

To pass any options to the debugger process in CGI mode, you can use the
"Perl arguments" text field on the "Arguments" tab of your launch configuration
(in menu "Run..."). However, if you pass over the option -T, you will notice
that the script won't run because of the following error (or similar):

Insecure dependency in require while running with -T switch at /usr/lib/perl5/5.8.1/i586-linux-thread-multi/IO/Socket.pm
line 22.
Compilation failed in require at /usr/lib/perl5/5.8.1/perl5db.pl line 1549.
Compilation failed in require.
        main::BEGIN() called at /usr/lib/perl5/5.8.1/perl5db.pl line 0
        eval {...} called at /usr/lib/perl5/5.8.1/perl5db.pl line 0

The problem is that EPIC uses RemotePort in the PERLDB_OPTS environment
variable to make the debugger connect to the IDE through a TCP socket. However,
this seems to be forbidden in the taint mode. If anyone can suggest a workaround
which does not require the socket communication to be abandoned completely,
I'd be happy to implement it in EPIC.

jtil wrote on Mon Dec 25 01:51:48 CET 2006:

Thanks for your answer. Tried to reproduce the errors you mentioned by adding
-T to "Perl arguments", but this didn't work out. Additionally the "Perl
arguments" text field is only present under "Perl locale" in Run menu, but
not under "Perl CGI" which I use for cgi-scripts.
Could you tell me what the earlier mentioned "Enable taint mode"-box in
EPIC preferences can be used for?

jploski wrote on Mon Dec 25 12:31:56 CET 2006:

I forgot to mention that the CGI "Perl arguments" tab is only available
in the 'testing' version of EPIC. If you try it, EPIC will complain about
not being able to connect to the debugger (in fact, the debugger connects
to EPIC, not vice versa), and the error message will be visible in the CGI
process console.

The "Enable taint mode" checkbox causes the "-T" option to be passed to
the interpreter for "Perl Local" launch configurations and during syntax
checking. I consider this checkbox as deprecated. Both this checkbox and
the "Enable warnings" checkbox should probably be replaced with an ability
to pass arbitrary arguments to the syntax checker, and for launch configurations
the already mentioned "Perl arguments" text fields should be used.