Front page | perl.perl5.porters |
Postings from February 2003
There are two components of the native VMS security model that trigger tainting very early in the startup of Perl. One of these is if the Perl image has been installed with privileges; the other is the presence of an identifier with the subsystem attribute set in the process's rightslist. If either of these conditions is met, we insert a -T into the argument vector since it's too early in startup to enable tainting any other way. The implementation has a couple of pointer bugs that cause an access violation whenever this code is exercised (apparently quite rarely). The attached patch fixes the argv manipulation so we avoid the crash and successfully insert the -T. The patch is against bleadperl but applies to all versions of Perl since the functionality was first introduced somewhere in the 5.5 timeframe. Thanks to Patrick Spinler for the detailed bug report.Thread Next