Hi everyone,

I'm experiencing a rather interesting problem after migrating
one of our web applications to debian lenny.

We have xml+xslt based web rendering, and we use XML::LibXSLT
(currently on Lenny, 0.66), to do this.

After migrating to Lenny, XML::LibXSLT refuses to read in
and parse any stylesheet, with errors like:

 Local file read for /some/path/www/xsl/stylesheet.xsl refused
 error
 xsltLoadStyleDocument: read rights for /some/path/www/xsl/stylesheet.xsl
denied
 compilation error: file /some/path/www/xsl/anotherone.xsl line 14
element include
 xsl:include : unable to load /some/path/www/xsl/stylesheet.xsl

There's a deep investigation going on, but before any other details
I might add, does anyone know anything about this issue?

I can't think we're the first ones on Earth
working with libxslt under lenny's mp (or maybe we are :)

Now for the gory details.
If I patch libxslt itself to disable the security checks, everything
is fine. That means shortcircuiting xsltGetSecurityPrefs() to return NULL.

If I try to do this with the security callbacks API in XML::LibXSLT,
no way I can make this work under mod_perl. On command line, seems to
be fine. XML::LibXSLT passes all tests, even the security related.

If I hack XML::LibXSLT XS code to bypass the security checks,
*nothing happens* (???). It's like the security checks are still
there, even reinstalling the module and restarting apache. (???)

--
Cosimo