libxslt read file rights problems on debian Lenny under mod perl 2.0

Hi everyone,

I'm experiencing a rather interesting problem after migrating
one of our web applications to debian lenny.

We have xml+xslt based web rendering, and we use XML::LibXSLT
(currently on Lenny, 0.66), to do this.

After migrating to Lenny, XML::LibXSLT refuses to read in
and parse any stylesheet, with errors like:

   Local file read for /some/path/www/xsl/stylesheet.xsl refused
   error
   xsltLoadStyleDocument: read rights for /some/path/www/xsl/stylesheet.xsl  
denied
   compilation error: file /some/path/www/xsl/anotherone.xsl line 14  
element include
   xsl:include : unable to load /some/path/www/xsl/stylesheet.xsl

There's a deep investigation going on, but before any other details
I might add, does anyone know anything about this issue?

I can't think we're the first ones on Earth
working with libxslt under lenny's mp (or maybe we are :)

Now for the gory details.
If I patch libxslt itself to disable the security checks, everything
is fine. That means shortcircuiting xsltGetSecurityPrefs() to return NULL.

If I try to do this with the security callbacks API in XML::LibXSLT,
no way I can make this work under mod_perl. On command line, seems to
be fine. XML::LibXSLT passes all tests, even the security related.

If I hack XML::LibXSLT XS code to bypass the security checks,
*nothing happens* (???). It's like the security checks are still
there, even reinstalling the module and restarting apache. (???)

--
Cosimo

Petr Pajas wrote:

> Is there another web application running on your apache web server
> that is using libxslt (directly or indirectly via some other library)?

No, I'm running just one web app.

I can probably try to run a really small test case
in a mod_perl handler, without loading my entire application,
to see how that works out.

Thanks for the idea,


--
Cosimo