Front page | perl.perl5.porters |
Postings from October 2003
Can you describe the nature of the problem with these calls, and possibly provide a simple test? I'll file a bug at Apple for you if I can get enough info to do so. This change seems like the right thing if they are broken, and I would recommend the same thing in rhapsody as well, as it's highly unlikely that API broken in darwin works in rhapsody. -wsv > Slaven Rezic wrote: >> "pxm@nubz.org (via RT)" <perlbug-followup@perl.org> writes: >>> >>> The library calls setruid, setrgid, setreuid, and setregid on >>> darwin (MacOS X) are severely broken, causing any attempt to >>> change $< or $( to fail silently. >>> >>> This will cause problems in scripts that use those variables to >>> drop privileges. Either they'll die unpleasantly (if they properly >>> check $< afterwards) or they might gain a security vulnerability. >>> Scripts that use POSIX::setuid will be unaffected ofcourse. >>> >>> The only solution I can think of is to make the configure script >>> pretend those four calls don't exist on darwin. Properly testing >>> whether they work would require root perms. >> >> Or better, just add >> >> d_setregid='undef' >> d_setreuid='undef' >> d_setrgid='undef' >> d_setruid='undef' >> >> to darwin's hints file (just like the lines in hints/freebsd.sh for >> older FreeBSD releases). > > Added preventively as change #21438 to bleadperl. > > I'm cc:ing Wilfredo Sanchez for advice of the official maintainer of > this hints file. (Maybe should this go into hints/rhapsody.sh as > well.)