Front page | perl.perl5.porters |
Postings from October 2003
"pxm@nubz.org (via RT)" <perlbug-followup@perl.org> writes:
> # New Ticket Created by pxm@nubz.org
> # Please include the string: [perl #24122]
> # in the subject line of all future correspondence about this issue.
> # <URL: http://rt.perl.org/rt2/Ticket/Display.html?id=24122 >
>
>
> This is a bug report for perl from pxm@nubz.org,
> generated with the help of perlbug 1.34 running under perl v5.8.1.
>
>
> -----------------------------------------------------------------
> [Please enter your report here]
>
> The library calls setruid, setrgid, setreuid, and setregid on
> darwin (MacOS X) are severely broken, causing any attempt to
> change $< or $( to fail silently.
>
> This will cause problems in scripts that use those variables to
> drop privileges. Either they'll die unpleasantly (if they properly
> check $< afterwards) or they might gain a security vulnerability.
> Scripts that use POSIX::setuid will be unaffected ofcourse.
>
> The only solution I can think of is to make the configure script
> pretend those four calls don't exist on darwin. Properly testing
> whether they work would require root perms.
Or better, just add
d_setregid='undef'
d_setreuid='undef'
d_setrgid='undef'
d_setruid='undef'
to darwin's hints file (just like the lines in hints/freebsd.sh for
older FreeBSD releases).
[...]
Regards,
Slaven
--
Slaven Rezic - slaven@rezic.de
tkrevdiff - graphical display of diffs between revisions (RCS, CVS or SVN)
http://ptktools.sourceforge.net/#tkrevdiff
Thread Previous
|
Thread Next