0

I have a number of badly written perl programs serving up my websites. Occasionally they crash and the user sees ...

Software error: Yadda yadda yadda. For help, please send mail to the webmaster (webmaster@mywebsite.com), giving this error message and the time and date of the error.

I don't have access to that email address and even if I did those naughty users cannot be trusted to report this error.

So what I would like to do is get this error to trigger a HTTP error 500, so that I can monitor it with a line in the htaccess file like ...

ErrorDocument 500 /fixThisBug.shtml

Melchester
  • 421
  • 3
  • 18
  • 1
    1) Find the files that contain "webmaster@mywebsite.com" 2) Change the code to `die` instead of printing a message 3) Update your Apache config – ThisSuitIsBlackNot Feb 03 '17 at 00:21
  • 1
    (In other words, fix the root cause of the issue instead of trying to hack around it.) – ThisSuitIsBlackNot Feb 03 '17 at 00:21
  • Are you saying that this message is being generated by the perl programs themselves? Certainly that email address is not contained in any of the perl scripts. I don't understand why I am getting this error rather than the HTTP 500 one. – Melchester Feb 03 '17 at 03:31

1 Answers1

1

Thanks to ThisSuitIsBlackNot for the direction.

The perl programs all have

use CGI::Carp(fatalsToBrowser);

Which stifles the HTTP 500 error. Simply removing this will allow the programs to crash "properly".

ThisSuitIsBlackNot
  • 23,492
  • 9
  • 63
  • 110
Melchester
  • 421
  • 3
  • 18
  • Good find. `fatalsToBrowser` should never be enabled in production because it can reveal details about the internals of your scripts to potential attackers. Also, if `fatalsToBrowser` really isn't quoted or in a `qw`, that tells me your scripts don't `use strict;`. – ThisSuitIsBlackNot Feb 03 '17 at 15:20