
[perl #30461] insecure dependency problem w/ kill when included in conditional w/ tainted variables

David R . Schulte
June 25, 2004 08:28
# New Ticket Created by  David R. Schulte 
# Please include the string:  [perl #30461]
# in the subject line of all future correspondence about this issue. 
# <URL: >

This is a bug report for perl from,
generated with the help of perlbug 1.34 running under perl v5.8.0.

[Please enter your report here]

Perl 5.8.x reports an insecure dependency error when kill is included
in a conditional with conditions based on tainted variables, even though
no tainted variables are involved with kill itself.
Please read the contents of the following example Perl script for details.

#!/opt/perl58/bin/perl -w
# Summary of my perl5 (revision 5.0 version 8 subversion 0) configuration:
#  Platform:
# SunOS meappdev 5.8 Generic_117000-03 sun4u sparc SUNW,Ultra-Enterprise-10000
my $pidIsValid = undef;
my $lockingHost = "meappdev";
my $requestingHost = undef;
my $lockingPid = undef;

$ENV{PATH} = "/bin:/usr/bin";

delete @ENV{"CDPATH", "ENV", "BASH_ENV"};

$lockingHost = `uname -n`;
$requestingHost = `uname -n`;

#$lockingHost = "meappdev";
#$requestingHost = "meappdev";

# Leaving both assignments above commented out produces the following error
# when this script is run with uid != euid. Uncommenting either one
# of the assignments above causes the error to go away.
# Insecure dependency in kill while running setuid ...
# Example 1:
$pidIsValid = ($requestingHost eq $lockingHost) ? kill(0, 1) : 1;

# Example 2:
if (($requestingHost eq $lockingHost) && kill(0, 1) == 0) {
    $pidIsValid = 1;
}

# Perl seems to think that the tainted variables are a part of the
# kill invocation when included as part of a conditional. Something else
# that is odd is that the error appears only if BOTH $requestingHost
# and $lockingHost are tainted.

[Please do not change anything below this line]
Site configuration information for perl v5.8.0:

Configured by lstreet at Tue Mar  4 13:54:18 EST 2003.

Summary of my perl5 (revision 5.0 version 8 subversion 0) configuration:
    osname=solaris, osvers=2.8, archname=sun4-solaris
    uname='sunos 5.8 generic_108528-18 sun4u sparc sunw,ultra-enterprise-10000 '
    config_args='-Dcc=gcc -B/usr/ccs/bin/'
    hint=recommended, useposix=true, d_sigaction=define
    usethreads=undef use5005threads=undef useithreads=undef usemultiplicity=undef
    useperlio=define d_sfio=undef uselargefiles=define usesocks=undef
    use64bitint=undef use64bitall=undef uselongdouble=undef
    usemymalloc=n, bincompat5005=undef
    cc='gcc -B/usr/ccs/bin/', ccflags ='-fno-strict-aliasing -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64',
    ccversion='', gccversion='3.2', gccosandvers='solaris2.8'
    intsize=4, longsize=4, ptrsize=4, doublesize=8, byteorder=4321
    d_longlong=define, longlongsize=8, d_longdbl=define, longdblsize=16
    ivtype='long', ivsize=4, nvtype='double', nvsize=8, Off_t='off_t', lseeksize=8
    alignbytes=8, prototype=define
  Linker and Libraries:
    ld='gcc -B/usr/ccs/bin/', ldflags =' -L/usr/local/lib '
    libpth=/usr/local/lib /usr/lib /usr/ccs/lib
    libs=-lsocket -lnsl -ldl -lm -lc
    perllibs=-lsocket -lnsl -ldl -lm -lc
    libc=/lib/, so=so, useshrplib=false, libperl=libperl.a
  Dynamic Linking:
    dlsrc=dl_dlopen.xs, dlext=so, d_dlsymun=undef, ccdlflags=' '
    cccdlflags='-fPIC', lddlflags='-G -L/usr/local/lib'

Locally applied patches:

@INC for perl v5.8.0:

Environment for perl v5.8.0:
    LANGUAGE (unset)
    LOGDIR (unset)
    PERL_BADLANG (unset)
    SHELL=/bin/ksh
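
Added example, not part of the original report or of Perl's own code: the report says the error appears only when both hostnames are tainted, so this sketch validates and untaints the `uname -n` output with a regex capture before the comparison, and keeps kill() in its own statement. The helper name `untaint_hostname` and the hostname pattern are assumptions made for illustration.

```perl
#!/usr/bin/perl -T
# Added example, not code from the report. Run as ./script or `perl -T script`.
use strict;
use warnings;
use Scalar::Util qw(tainted);

# Backticks under taint mode require a cleaned-up environment.
$ENV{PATH} = "/bin:/usr/bin";
delete @ENV{"IFS", "CDPATH", "ENV", "BASH_ENV"};

# Hypothetical helper: return an untainted copy of a hostname, or undef when
# the value does not look like one. A regex capture is Perl's untainting
# mechanism, so the pattern has to be strict enough to count as validation.
sub untaint_hostname {
    my ($raw) = @_;
    return undef unless defined $raw;
    chomp $raw;
    return $raw =~ /\A([A-Za-z0-9](?:[A-Za-z0-9.-]{0,253}[A-Za-z0-9])?)\z/
        ? $1
        : undef;
}

# Output of an external command is tainted; validate it immediately.
my $lockingHost    = untaint_hostname(scalar `uname -n`);
my $requestingHost = untaint_hostname(scalar `uname -n`);
die "could not determine a valid hostname\n"
    unless defined $lockingHost && defined $requestingHost;

# Fail closed if anything tainted slipped through the validation step.
die "hostname is still tainted\n"
    if tainted($lockingHost) || tainted($requestingHost);

# Decide first, signal second: the statement that calls kill() contains
# no host value at all, only the untainted boolean computed here.
my $sameHost   = ($requestingHost eq $lockingHost);
my $pidIsValid = 1;
if ($sameHost) {
    # Signal 0 to PID 1, as in the report: an existence probe, nothing is sent.
    $pidIsValid = kill(0, 1);
}

print "sameHost=", ($sameHost ? 1 : 0), " pidIsValid=$pidIsValid\n";
```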