Segfaulting with rlm_perl

John Dennis jdennis at redhat.com
Fri Sep 2 15:51:45 CEST 2011


On 09/02/2011 09:43 AM, Norman Elton wrote:
> I'm beginning the process of replacing a home-grown RADIUS server with
> freeradius, a good idea on many many fronts. The server will interact
> with our backend databases in order to determine attributes to inject
> into the access-accept messages. For initial development, I've begun
> work on a perl script that is interacting with freeradius 2.1.10. I'm
> a little alarmed that a malfunctioning perl script can segfault the
> entire server. I was hoping that freeradius could compartmentalize a
> failing script, restarting it as necessary.
>
> Admittedly, during development, my scripts are not production-ready,
> and there are lots of safety checks that simply aren't there. But I'm
> worried that, going into production, we'll discover an unexpected
> corner-case that crashes our entire radius infrastructure (not a good
> thing).
>
> Is the best practice simply to make sure you're scripts are
> bullet-proof? Or is there a more stable method of interacting with an
> external resource? I chosen rlm_perl because the script didn't need to
> be instantiated every time (as with rlm_exec), but perhaps we'd be
> better off relying on rlm_exec if it is more tolerant of corner-case
> failures.

Of course a script error shouldn't segfault the server. It would have 
been much more useful if you had explained what the script error was and 
a stack trace from the segfault.

-- 
John Dennis <jdennis at redhat.com>

Looking to carve out IT costs?
www.redhat.com/carveoutcosts/



More information about the Freeradius-Users mailing list