http://qs321.pair.com?node_id=11147993


in reply to Re^3: Insecure Dependency in Taint Mode
in thread Insecure Dependency in Taint Mode

The cPanelUserConfig module's sole purpose is to add the user-specific folders for a cPanel-based shared hosting site. On my cPanel-based shared hosting provider, this @INC populating can be accomplished via use cPanelUserConfig; or through a shebang of #!/usr/bin/perlml -- but it may be that other hosts are set up differently.

I was going to paste the contents of my provider's cPanelUserConfig.pm, since it's only a couple lines of code, but the copyright notice says I'd have to check the cPanel license terms to copy, which I didn't feel like doing. It's essentially a for-loop that adds predefined user-specific folders to @INC through unshift @INC, ... commands. This allows a perl script run on the shared hosting server to see the Perl modules that a given user has added through the cPanel interface that their host provides. Without this, users could not use the extra modules they have installed without manually inserting the various paths to user-installed scripts via @INC manipulation or multiple use lib ... statements. (Doing it manually could be fragile, because occasionally a shared hosting provider will change the path that leads up to a user's home directory, which could cause unexpected crashes in your scripts. Using the cPanelUserConfig or equivalent should make it more robust.)

So to the cPanel-based shared-hosting customer: You must include a line similar to the above to use the modules you install through cPanel -- but check your host's documentation, because they will be the canonical source for their specific implementation of cPanel.

And to the person replying to a question that includes use cPanelUserConfig; : This is just manipulating the @INC so that the script can see customer-installed scripts on a shared-hosting provider; it is not where you should be looking for bugs, and the questioner cannot just "remove" it, because otherwise the SSCCE they tried to provide won't work on their shared host.

(I decided to make this tangential post so that it can be used in the future, since it seems to come up once a year or so since I became a monk, and either the person asking the question or the person answering doesn't know what it does. This can be accessed in the future using [cPanelUserConfig Reference].)

My previous posts describing the purpose of cPanelUserConfig:

  • Re^5: Error Message - PL_perl_destruct_level at /usr/lib64/perl5/DynaLoader.pm
  • Re: GD and LWP giving 500 errors
  • Re: When modules install in perl5
  • Re: Apache/CGI fcould not use Spreadsheet::ParseExcel
  • Re^2: Using eval: $@ isn't returning the error I expect
    Re: cPanelUserConfig Reference
    by kcott (Archbishop) on Nov 05, 2022 at 23:43 UTC

      G'day pryrt,

      ++ Many thanks for this detailed explanation.

      "... essentially a for-loop that adds predefined user-specific folders to @INC through unshift @INC, ... commands."

      Given your mention of "specific implementation of cPanel", I imagine that it's not impossible for one of those predefined values to be tainted in some implementation(s). On that basis, and even if it's unlikely, it's still worth checking cPanelUserConfig to move from, as I put it, "pretty sure" to "100% certain".

      Not posting your cPanelUserConfig.pm was the correct decision. I made much the same choice with not "search[ing] the web for an unofficial copy".

      Changing the title, to facilitate searching for cPanelUserConfig here, was also a good move.

      — Ken
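One way to run the check suggested in the reply above, as an added example that is not part of the thread and not cPanel's code: it loads cPanelUserConfig under taint mode, then reports which @INC entries the module added and whether any entry is tainted. The helper name inc_report and the output layout are assumptions made for this illustration.

```perl
#!/usr/bin/perl -T
use strict;
use warnings;
use Scalar::Util qw(tainted);

# Snapshot @INC before loading the module so its additions can be told apart.
# Code-ref hooks in @INC are not directories and are skipped throughout.
my %before = map { $_ => 1 } grep { !ref } @INC;

# cPanelUserConfig exists only on cPanel hosts, so a failed load is reported
# rather than fatal; the report then covers the stock @INC only.
my $loaded = eval { require cPanelUserConfig; 1 };
warn "cPanelUserConfig not loaded: $@" unless $loaded;

# Hypothetical helper: classify each plain-string @INC entry.
sub inc_report {
    my ($seen, @inc) = @_;
    my @rows;
    for my $dir (@inc) {
        next if ref $dir;
        push @rows, {
            dir     => $dir,
            added   => $seen->{$dir} ? 0 : 1,   # not present before the load
            tainted => tainted($dir) ? 1 : 0,   # only meaningful under -T
        };
    }
    return @rows;
}

my @rows = inc_report(\%before, @INC);

print "taint mode: ", (${^TAINT} ? "on" : "off"), "\n";
printf "%-6s %-8s %s\n", 'added', 'tainted', 'directory';
for my $r (@rows) {
    printf "%-6s %-8s %s\n",
        ($r->{added}   ? 'yes' : 'no'),
        ($r->{tainted} ? 'YES' : 'no'),
        $r->{dir};
}

# A non-zero exit status makes the result usable from a deployment check.
my $bad = grep { $_->{tainted} } @rows;
print "\ntainted \@INC entries: $bad\n";
exit($bad ? 1 : 0);
```

Because -T is on the shebang line, run the script as an executable or with perl -T on the command line.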

    Re: cPanelUserConfig Reference
    by Bod (Parson) on Nov 05, 2022 at 20:27 UTC

      Thank you pryrt for a far better explanation than I managed...