develooper Front page | perl.perl5.porters | Postings from September 2009

[perl #69246] Changing $< Unexpectedly Invoked Taint Mode

From:
perlbug-followup
Date:
September 20, 2009 05:22
Subject:
[perl #69246] Changing $< Unexpectedly Invoked Taint Mode
Message ID:
rt-3.6.HEAD-21832-1253379648-1134.69246-75-0@perl.org
# New Ticket Created by  imacat@mail.imacat.idv.tw 
# Please include the string:  [perl #69246]
# in the subject line of all future correspondence about this issue. 
# <URL: http://rt.perl.org/rt3/Ticket/Display.html?id=69246 >



This is a bug report for perl from imacat@mail.imacat.idv.tw,
generated with the help of perlbug 1.39 running under perl 5.10.1.


-----------------------------------------------------------------
[Please describe your issue here]

Dear all,

    Hi.  This is imacat from Taiwan.  I found that since Perl 5.10.1,
changing $< (real user id) unexpectedly invoked the taint mode.  This
is not found in perl5101delta.  This breaks existing applications like
MRTG, that they cannot read and use any foreign data anymore if they
want to change their UID.

   I have created a sample test case and attached below.  Please tell
me if you need any more information, or if I could be of any help.
Thank you.

root@rinse:~# cat /tmp/test.pl
#! /usr/bin/perl -w
print "before chuid: " . (${^TAINT}? "taint mode\n": "not taint mode\n");
$< = 1;
print "after chuid: " . (${^TAINT}? "taint mode\n": "not taint mode\n");
root@rinse:~# /tmp/test.pl
before chuid: not taint mode
after chuid: taint mode
root@rinse:~#

[Please do not change anything below this line]
-----------------------------------------------------------------
---
Flags:
    category=core
    severity=medium
---
Site configuration information for perl 5.10.1:

Configured by imacat at Mon Sep  7 21:59:32 CST 2009.

Summary of my perl5 (revision 5 version 10 subversion 1) configuration:
   
  Platform:
    osname=linux, osvers=2.6.26-2-amd64, archname=x86_64-linux-thread-multi-ld
    uname='linux rinse 2.6.26-2-amd64 #1 smp wed aug 19 22:33:18 utc 2009 x86_64 gnulinux '
    config_args='-s -d -Dprefix=/usr -Dusethreads -Duselongdouble -Doptimize=-O3 -DDEBUGGING=-g -Dd_dosuid -Dotherlibdirs=/usr/lib/perl5:/usr/share/perl5 -Dinc_version_list=none -Duseshrplib=true -Dcf_email=imacat@mail.imacat.idv.tw -Dpager=/usr/bin/sensible-pager'
    hint=recommended, useposix=true, d_sigaction=define
    useithreads=define, usemultiplicity=define
    useperlio=define, d_sfio=undef, uselargefiles=define, usesocks=undef
    use64bitint=define, use64bitall=define, uselongdouble=define
    usemymalloc=n, bincompat5005=undef
  Compiler:
    cc='cc', ccflags ='-D_REENTRANT -D_GNU_SOURCE -fno-strict-aliasing -pipe -fstack-protector -I/usr/local/include -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64',
    optimize='-O3 -g',
    cppflags='-D_REENTRANT -D_GNU_SOURCE -fno-strict-aliasing -pipe -fstack-protector -I/usr/local/include'
    ccversion='', gccversion='4.3.2', gccosandvers=''
    intsize=4, longsize=8, ptrsize=8, doublesize=8, byteorder=12345678
    d_longlong=define, longlongsize=8, d_longdbl=define, longdblsize=16
    ivtype='long', ivsize=8, nvtype='long double', nvsize=16, Off_t='off_t', lseeksize=8
    alignbytes=16, prototype=define
  Linker and Libraries:
    ld='cc', ldflags =' -fstack-protector -L/usr/local/lib'
    libpth=/usr/local/lib /lib /usr/lib /lib64 /usr/lib64
    libs=-lnsl -lgdbm -ldb -ldl -lm -lcrypt -lutil -lpthread -lc -lgdbm_compat
    perllibs=-lnsl -ldl -lm -lcrypt -lutil -lpthread -lc
    libc=/lib/libc-2.7.so, so=so, useshrplib=true, libperl=libperl.so
    gnulibc_version='2.7'
  Dynamic Linking:
    dlsrc=dl_dlopen.xs, dlext=so, d_dlsymun=undef, ccdlflags='-Wl,-E -Wl,-rpath,/usr/lib/perl5/5.10.1/x86_64-linux-thread-multi-ld/CORE'
    cccdlflags='-fPIC', lddlflags='-shared -O3 -g -L/usr/local/lib -fstack-protector'

Locally applied patches:
    

---
@INC for perl 5.10.1:
    /home/imacat/lib/perl5
    /usr/lib/perl5/5.10.1/x86_64-linux-thread-multi-ld
    /usr/lib/perl5/5.10.1
    /usr/lib/perl5/site_perl/5.10.1/x86_64-linux-thread-multi-ld
    /usr/lib/perl5/site_perl/5.10.1
    /usr/lib/perl5/5.10.1/x86_64-linux-thread-multi-ld
    /usr/lib/perl5/5.10.1
    /usr/lib/perl5
    /usr/share/perl5
    .

---
Environment for perl 5.10.1:
    HOME=/home/imacat
    LANG=zh_TW
    LANGUAGE=zh_TW
    LC_ALL=zh_TW
    LC_COLLATE=zh_TW
    LC_CTYPE=zh_TW
    LC_MESSAGES=zh_TW
    LC_MONETARY=zh_TW
    LC_NUMERIC=zh_TW
    LC_TIME=zh_TW
    LD_LIBRARY_PATH (unset)
    LOGDIR (unset)
    PATH=/home/imacat/bin:/bin:/usr/bin:/usr/local/bin
    PERL5LIB=/home/imacat/lib/perl5
    PERL_BADLANG (unset)
    SHELL=/bin/zsh

nntp.perl.org: Perl Programming lists via nntp and http.
Comments to Ask Bjørn Hansen at ask@perl.org | Group listing | About