develooper Front page | perl.perl5.porters | Postings from February 2003

[PATCH] arcane tainting bug in vms.c

Thread Next
Craig A. Berry
February 15, 2003 10:29
[PATCH] arcane tainting bug in vms.c
Message ID:
There are two components of the native VMS security model that trigger
tainting very early in the startup of Perl. One of these is if the Perl
image has been installed with privileges; the other is the presence of
an identifier with the subsystem attribute set in the process's rightslist.

If either of these conditions is met, we insert a -T into the argument
vector since it's too early in startup to enable tainting any other way.
The implementation has a couple of pointer bugs that cause an access
violation whenever this code is exercised (apparently quite rarely).

The attached patch fixes the argv manipulation so we avoid the crash and
successfully insert the -T. The patch is against bleadperl but applies
to all versions of Perl since the functionality was first introduced
somewhere in the 5.5 timeframe.

Thanks to Patrick Spinler for the detailed bug report.

Thread Next Perl Programming lists via nntp and http.
Comments to Ask Bjørn Hansen at | Group listing | About