Front page | perl.perl5.porters |
Postings from June 2010
On Thu, May 20, 2010 at 05:37:26AM -0700, mls@suse.de wrote: > perl-5.10.0 used the delyamagic mechanism to translate a > ($<, $>) = (99, 99); > assignment into one single setreuid() syscall. As of commit > 90630e3c741716305d7f1da4df5eab5c1bee42cc this no longer works, > as delaymagic is cleared before calling mg_set(). > > As a result, perl first does the uid and then the euid assignment, > which may result in a suddenly tainted perl. > > You can see the difference by running > perl -e '($<, $>) = (99, 99); system `echo /bin/true`' > as root in perl-5.10.0 and perl-5.12.0. Thanks for the report and diagnosis. Now fixed in blead with commit 8ef242405b8c660c02e953dbc987fbc06897af10. -- "Emacs isn't a bad OS once you get used to it. It just lacks a decent editor."Thread Previous