Front page | perl.perl5.porters |
Postings from October 2003
Slaven Rezic wrote: > "pxm@nubz.org (via RT)" <perlbug-followup@perl.org> writes: > > > > The library calls setruid, setrgid, setreuid, and setregid on > > darwin (MacOS X) are severely broken, causing any attempt to > > change $< or $( to fail silently. > > > > This will cause problems in scripts that use those variables to > > drop privileges. Either they'll die unpleasantly (if they properly > > check $< afterwards) or they might gain a security vulnerability. > > Scripts that use POSIX::setuid will be unaffected ofcourse. > > > > The only solution I can think of is to make the configure script > > pretend those four calls don't exist on darwin. Properly testing > > whether they work would require root perms. > > Or better, just add > > d_setregid='undef' > d_setreuid='undef' > d_setrgid='undef' > d_setruid='undef' > > to darwin's hints file (just like the lines in hints/freebsd.sh for > older FreeBSD releases). Added preventively as change #21438 to bleadperl. I'm cc:ing Wilfredo Sanchez for advice of the official maintainer of this hints file. (Maybe should this go into hints/rhapsody.sh as well.)Thread Previous