develooper Front page | perl.perl5.porters | Postings from April 2010

[perl #74142] provide a better c wrapper example in perlsec

Thread Next
From:
Jerome Quelin
Date:
April 9, 2010 04:20
Subject:
[perl #74142] provide a better c wrapper example in perlsec
Message ID:
rt-3.6.HEAD-6227-1270739212-1082.74142-75-0@perl.org
# New Ticket Created by  Jerome Quelin 
# Please include the string:  [perl #74142]
# in the subject line of all future correspondence about this issue. 
# <URL: http://rt.perl.org/rt3/Ticket/Display.html?id=74142 >



This is a bug report for perl from jquelin@gmail.com,
generated with the help of perlbug 1.39 running under perl 5.12.0.


-----------------------------------------------------------------
[Please describe your issue here]

perl 5.12 doesn't ship perlsuid anymore. it's said so in perlsec, with a
small piece of a c code to use as a wrapper calling the real perl
script, the goal being to setuid the wrapper instead.

however, the wrapper could be better, such as sanitizing env, or
whatever any security-aware people will recommend.

==> in order to have a smooth transition, it would be good to provide a
more secure wrapper to be used easily.


[Please do not change anything below this line]
-----------------------------------------------------------------
---
Flags:
    category=docs
    severity=low
---
Site configuration information for perl 5.12.0:

Configured by Mandriva at Thu Apr  8 16:20:55 CEST 2010.

Summary of my perl5 (revision 5 version 12 subversion 0) configuration:
   
  Platform:
    osname=linux, osvers=2.6.33.1-desktop-1mnb, archname=x86_64-linux-thread-multi
    uname='linux localhost 2.6.33.1-desktop-1mnb #1 smp tue mar 16 18:22:58 utc 2010 x86_64 x86_64 x86_64 gnulinux '
    config_args='-des -Dinc_version_list=5.10.1 5.10.0 5.8.8 5.8.7 5.8.6 5.8.5 5.8.4 5.8.3 5.8.2 5.8.1 5.8.0 5.6.1 5.6.0 -Darchname=x86_64-linux -Dcc=x86_64-mandriva-linux-gnu-gcc -Doptimize=-O2 -g -pipe -Wformat -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fstack-protector --param=ssp-buffer-size=4 -DDEBUGGING=-g -Dprefix=/usr -Dvendorprefix=/usr -Dsiteprefix=/usr -Dsitebin=/usr/local/bin -Dsiteman1dir=/usr/local/share/man/man1 -Dsiteman3dir=/usr/local/share/man/man3 -Dman3ext=3pm -Dcf_by=Mandriva -Dmyhostname=localhost -Dperladmin=root@localhost -Dcf_email=root@localhost -Ud_csh -Duseshrplib -Duseithreads -Di_db -Di_ndbm -Di_gdbm'
    hint=recommended, useposix=true, d_sigaction=define
    useithreads=define, usemultiplicity=define
    useperlio=define, d_sfio=undef, uselargefiles=define, usesocks=undef
    use64bitint=define, use64bitall=define, uselongdouble=undef
    usemymalloc=n, bincompat5005=undef
  Compiler:
    cc='x86_64-mandriva-linux-gnu-gcc', ccflags ='-D_REENTRANT -D_GNU_SOURCE -fno-strict-aliasing -pipe -fstack-protector -I/usr/local/include -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64',
    optimize='-O2 -g -pipe -Wformat -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fstack-protector --param=ssp-buffer-size=4',
    cppflags='-D_REENTRANT -D_GNU_SOURCE -fno-strict-aliasing -pipe -fstack-protector -I/usr/local/include'
    ccversion='', gccversion='4.4.3', gccosandvers=''
    intsize=4, longsize=8, ptrsize=8, doublesize=8, byteorder=12345678
    d_longlong=define, longlongsize=8, d_longdbl=define, longdblsize=16
    ivtype='long', ivsize=8, nvtype='double', nvsize=8, Off_t='off_t', lseeksize=8
    alignbytes=8, prototype=define
  Linker and Libraries:
    ld='x86_64-mandriva-linux-gnu-gcc', ldflags =' -fstack-protector -L/usr/local/lib64'
    libpth=/usr/local/lib64 /lib64 /usr/lib64
    libs=-lnsl -lgdbm -ldb -ldl -lm -lcrypt -lutil -lpthread -lc -lgdbm_compat
    perllibs=-lnsl -ldl -lm -lcrypt -lutil -lpthread -lc
    libc=/lib/libc-2.11.1.so, so=so, useshrplib=true, libperl=libperl.so
    gnulibc_version='2.11.1'
  Dynamic Linking:
    dlsrc=dl_dlopen.xs, dlext=so, d_dlsymun=undef, ccdlflags='-Wl,-E -Wl,-rpath,/usr/lib/perl5/5.12.0/x86_64-linux-thread-multi/CORE'
    cccdlflags='-fPIC', lddlflags='-shared -O2 -g -pipe -Wformat -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fstack-protector --param=ssp-buffer-size=4 -L/usr/local/lib64'

Locally applied patches:
    RC4
    Mandriva Linux patches

---
@INC for perl 5.12.0:
    /home/jquelin/rpm/cooker/perl/BUILD/perl-5.12.0-RC4/lib
    /usr/lib/perl5/site_perl/5.12.0/x86_64-linux-thread-multi
    /usr/lib/perl5/site_perl/5.12.0
    /usr/lib/perl5/vendor_perl/5.12.0/x86_64-linux-thread-multi
    /usr/lib/perl5/vendor_perl/5.12.0
    /usr/lib/perl5/5.12.0/x86_64-linux-thread-multi
    /usr/lib/perl5/5.12.0
    /usr/lib/perl5/site_perl/5.10.1
    /usr/lib/perl5/site_perl/5.10.0
    /usr/lib/perl5/site_perl
    /usr/lib/perl5/vendor_perl/5.10.1
    /usr/lib/perl5/vendor_perl/5.10.0
    /usr/lib/perl5/vendor_perl/5.8.8
    /usr/lib/perl5/vendor_perl
    .

---
Environment for perl 5.12.0:
    HOME=/home/jquelin
    LANG=fr_FR.UTF-8
    LANGUAGE=fr_FR.UTF-8:fr
    LC_ADDRESS=fr_FR.UTF-8
    LC_COLLATE=fr_FR.UTF-8
    LC_CTYPE=fr_FR.UTF-8
    LC_IDENTIFICATION=fr_FR.UTF-8
    LC_MEASUREMENT=fr_FR.UTF-8
    LC_MESSAGES=fr_FR.UTF-8
    LC_MONETARY=fr_FR.UTF-8
    LC_NAME=fr_FR.UTF-8
    LC_NUMERIC=fr_FR.UTF-8
    LC_PAPER=fr_FR.UTF-8
    LC_SOURCED=1
    LC_TELEPHONE=fr_FR.UTF-8
    LC_TIME=fr_FR.UTF-8
    LD_LIBRARY_PATH=.
    LOGDIR (unset)
    PATH=.:/home/jquelin/bin:/home/jquelin/bin:/home/jquelin/bin:/home/jquelin/bin:/usr/bin:/bin:/usr/local/bin:/usr/X11R6/bin/:/usr/games:/usr/lib/qt4/bin:/sbin:/usr/sbin:/usr/games:/sbin:/usr/sbin:/usr/games:/sbin:/usr/sbin:/usr/games:/sbin:/usr/sbin:/usr/games
    PERL5LIB=/home/jquelin/rpm/cooker/perl/BUILD/perl-5.12.0-RC4/lib
    PERL_BADLANG (unset)
    SHELL=/bin/bash


Thread Next


nntp.perl.org: Perl Programming lists via nntp and http.
Comments to Ask Bjørn Hansen at ask@perl.org | Group listing | About