perl patches 16 and 17
Michael Greim
greim at sbsvax.UUCP
Wed Nov 23 23:19:51 AEST 1988
In article <935 at taux01.UUCP>, cjosta at taux01.UUCP (Jonathan Sweedler) writes:
> I tried to apply patches 16 and 17 to perl but had a problem compiling
> perly.c. In line 526 it says that origargv is undefined. I am not
> running with the setuid-fixup-thingamabob working. When I re-run
> Configure and tell it that I want to do the special setuid checking,
> then perly.c (and everything else) compiles ok.
>
> origargv is defined in perly.c but only if the DOSUID pre-processor
> flag is set. In line 511 there is an #else pre-processor statement
> that causes line 526 to be compiled when DOSUID is not set instead of
> when DOSUID is set. It seems that line 526 should only be compiled
> when DOSUID is set and not when DOSUID is not set. Can we have an
> official patch for this, Larry? Thanks.
We fixed it by defining origargs in any case. Just move the 'ifdef' from above
it to behind it.
We came to the following conclusions:
- the use of origargv is only active if !DOSUID and !TAINT, which means
the program is running as normal perl.
- the test above seems to be whether this particular program (normal perl)
is running setuid. Someone might just set the s-bit.
- if it runs setuid, then it refuses to read the script, but rather
calls taintperl, which is equipped to check on such scripts.
(Remember : there is no suidperl)
As it has to pass its original arguments to taintperl, but
argv has been destroyed already, we think it makes sense to
define origargv to hold them.
-mg
--
email : greim at sbsvax.informatik.uni-saarland.dbp.de
(some mailers might not like this. Then use greim at sbsvax.uucp)
or : ...!uunet!unido!sbsvax!greim
# include <disclaimers/std.h>
More information about the Comp.sources.bugs
mailing list