Windows

ActivePerl CVE-2012-5377 Insecure File Permissions Vulnerability

Question: 

We have read the Security alert for CVE-2012-5377, and would like more information.

Answer: 

This is not a new issue, and it's not really an ActivePerl issue. This vulnerability is a member of a class of vulnerabilities that apply to any software which needs to have a user-writable directory on $PATH. It has been a security concern on Windows for as long as software has been avoiding dll conflicts by using custom library paths.

It is already possible to mitigate the vulnerability by choosing to override the default install path and install to one of the various protected program files silos that newer versions of Windows offer. We don't do this as the default because ActivePerl has a long legacy of scripts and modules which do not handle spaces in the pathname.

It is also possible to mitigate the vulnerability on an in-place install. This PowerShell command will copy the permissions to the Perl directory (replace with your directory name, as installed):

powershell -command "(Get-Item 'C:\Program Files').GetAccessControl('Access') | set-acl 'C:\Perl'"

Be advised that protecting Perl from this vulnerability *will* result in reduced functionality. With altered ACLs, PPM will be unable to manage modules unless it is run with elevated privileges.

PowerShell is included in Windows 7. With older versions, you may be able to download it.

ActiveTcl CVE-2012-5378 Insecure File Permissions Vulnerability

Question: 

We have read the Security alert for CVE-2012-5378, and would like more information.

Answer: 

This is not a new issue, and it's not really an ActiveTcl issue. This vulnerability is a member of a class of vulnerabilities that apply to any software which needs to have a user-writable directory on $PATH. It has been a security concern on Windows for as long as software has been avoiding dll conflicts by using custom library paths.

It is already possible to mitigate the vulnerability by choosing to override the default install path and install to one of the various protected program files silos that newer versions of Windows offer. We don't do this as the default because ActiveTcl has a long legacy of scripts and modules which do not handle spaces in the pathname.

It is also possible to mitigate the vulnerability on an in-place install. This PowerShell command will copy the permissions to the Tcl directory (replace with your directory name, as installed):

powershell -command "(Get-Item 'C:\Program Files').GetAccessControl('Access') | set-acl 'C:\Tcl'"

Be advised that protecting Tcl from this vulnerability *will* result in reduced functionality. With altered ACLs, teacup will be unable to manage modules unless it is run with elevated privileges.

PowerShell is included in Windows 7. With older versions, you may be able to download it.

ActivePython CVE-2012-5379 Insecure File Permissions Vulnerability

Question: 

We have read the Security alert for CVE-2012-5379, and would like more information.

Answer: 

This is not a new issue, and it's not really an ActivePython issue. This vulnerability is a member of a class of vulnerabilities that apply to any software which needs to have a user-writable directory on $PATH. It has been a security concern on Windows for as long as software has been avoiding dll conflicts by using custom library paths.

It is already possible to mitigate the vulnerability by choosing to override the default install path and install to one of the various protected program files silos that newer versions of Windows offer. We don't do this as the default because ActivePython has a long legacy of scripts and modules which do not handle spaces in the pathname.

It is also possible to mitigate the vulnerability on an in-place install. This PowerShell command will copy the permissions to the Python directory (replace with your directory name, as installed):

powershell -command "(Get-Item 'C:\Program Files').GetAccessControl('Access') | set-acl 'C:\Python'"

Be advised that protecting Python from this vulnerability *will* result in reduced functionality. With altered ACLs, PyPM will be unable to manage modules unless it is run with elevated privileges. If you are using virtualenv, you will not be fully protected from this vulnerability unless you protect your virtualenv directory as well.

PowerShell is included in Windows 7. With older versions, you may be able to download it.
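
To check whether an install directory (or any other directory on PATH) is still writable by ordinary users, the following audit can be run before and after the Set-Acl command in the three answers above. It is an added example, not ActiveState code; the function name Get-WritableAce and the list of low-privilege SIDs are assumptions chosen for illustration, and the syntax is kept compatible with the PowerShell 2.0 shipped in Windows 7.

```powershell
# Added example: list Allow ACEs that let broad, non-administrative groups
# create or change files in the given directories.
function Get-WritableAce {
    param([Parameter(Mandatory=$true)][string[]]$Path)

    # Well-known SIDs, used instead of names so localized systems also match.
    $lowPriv = @{
        'S-1-1-0'      = 'Everyone'
        'S-1-5-11'     = 'Authenticated Users'
        'S-1-5-32-545' = 'BUILTIN\Users'
        'S-1-5-4'      = 'INTERACTIVE'
    }
    # Specific write-type rights, plus GENERIC_WRITE (0x40000000) and
    # GENERIC_ALL (0x10000000), which inherited ACEs can carry as raw bits.
    $rights = 'WriteData, AppendData, DeleteSubdirectoriesAndFiles, ' +
              'ChangePermissions, TakeOwnership'
    $writeMask = [int][System.Security.AccessControl.FileSystemRights]$rights `
                 -bor 0x40000000 -bor 0x10000000

    foreach ($dir in $Path) {
        if (-not (Test-Path -LiteralPath $dir -PathType Container)) { continue }
        # Same call the mitigation command uses to read the ACL.
        $acl = (Get-Item -LiteralPath $dir).GetAccessControl('Access')
        $rules = $acl.GetAccessRules($true, $true,
                     [System.Security.Principal.SecurityIdentifier])
        foreach ($rule in $rules) {
            $sid = $rule.IdentityReference.Value
            if ($rule.AccessControlType -ne 'Allow') { continue }
            if (-not $lowPriv.ContainsKey($sid)) { continue }
            if (([int]$rule.FileSystemRights -band $writeMask) -eq 0) { continue }
            New-Object PSObject -Property @{
                Directory = $dir
                Principal = $lowPriv[$sid]
                Rights    = $rule.FileSystemRights
                Inherited = $rule.IsInherited
            }
        }
    }
}

# Default install directories named in the answers above, plus everything on PATH.
$installDirs = 'C:\Perl', 'C:\Tcl', 'C:\Python'
$pathDirs = $env:PATH -split ';' | Where-Object { $_ } | ForEach-Object { $_.Trim('"') }
Get-WritableAce -Path ($installDirs + $pathDirs | Sort-Object -Unique) |
    Format-Table Directory, Principal, Rights, Inherited -AutoSize
```

A directory that produces no rows has no matching write-type ACE for those groups. Pass any virtualenv directories in -Path as well, since they need the same protection.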

Auto-refresh Firefox (or other browser) upon saving file.

Macro 1: Automatically refreshes the browser based upon a pref called ffrefreshstatus.
The macro executes a small vbs script which switches to firefox and performs a refresh of the current tab.

refresh();

function refresh() {

       
                var pref_name = ko.interpolate.interpolateStrings('ffrefreshstatus');
                var do_refresh = false;
                if (pref_name) {
                        var prefs = Components.classes['@activestate.com/koPrefService;1'].getService(Components.interfaces.koIPrefService).prefs;
                        if (prefs.hasBooleanPref(pref_name)) {
                                do_refresh = prefs.getBooleanPref(pref_name);
                        }

Net-Sftp-Foreign not working with PerlNET

I have a script that uses Net-Sftp-Foreign that works every time from the perl interpreter, and fails every time when run as a compiled exe from PerlNET. I connect to an sftp site, and get a directory listing. In perl, it works; in the exe it dies. Any ideas?

Example exe output w/ debug turned on:

# This is Net::SFTP::Foreign 1.73
# Loaded from /Net/SFTP/Foreign.pm
# Running on Perl v5.10.1 for MSWin32
# debug set to 25
# ~0 is 4294967295
# Using backend Net::SFTP::Foreign::Backend::Windows 1.70_08
# ssh cmd: plink -P xxx -pw xxx -l xxx -v xxxx -s sftp

Komodo 7 Crash Report (Frequently Generated) in Windows XP

The following reports are generated frequently and restart Komodo.
I didn't work continuously.

AdapterDeviceID: 3344
AdapterVendorID: 1106

Not able to install ETS due to the dependency enable>=4.2.0

I have installed ActivePython 2.7.2.5 on Windows XP, and am trying to install ETS.
From the PyPM console, I did

pypm install ets

Getting the below error on the enable package dependency:

error: no such package found for requirement "enable>=4.2.0.dev; enable";
required by "ets"; try PyPM Index:
http://code.activestate.com/pypm/search:enable>=4.2.0.dev; enable/

However, even with pypm install enable, it installs 4.2.0 version of enable.

entry point

Hello -- I am trying to start the python interpreter from another program via the API call ... I want the interpreter to run in the same process as the caller -- It is not clear which directory needs to be in my path so the EP can be found -- also, what is the name of the dll that has the EP?

ack broken in Perl 5.16

ack is currently broken in the PPM repository for 5.16: http://code.activestate.com/ppm/ack/.

I've checked the build log and the source, and it looks like the only problem is that one of the patch hunks is no longer required (it has been applied upstream).

Could you please fix the build, then?

Exe fails on other Win hosts

Hello,
I have the trial version of perlapp and I am trying to make an independent exe from a running perl script. The script runs fine and the exe does too when run from the PC it was built on (Windows XP 32bit). However, when I try the app on any other Windows machine (XP or 7) I get the following error:

"The program can't start because libgcc_s_sjlj-1.dll is missing from your computer...." The next error complains about not finding perl516.dll

If I run perlapp with verbose logging I can see both these files get added to the exe.

Has anyone any ideas?

Thanks