develooper Front page | perl.perl5.porters | Postings from June 2013

[perl #7758] FindBin.pm fails for setuid script on solaris

Thread Next
From:
James E Keenan via RT
Date:
June 19, 2013 23:09
Subject:
[perl #7758] FindBin.pm fails for setuid script on solaris
Message ID:
rt-3.6.HEAD-2552-1371683353-521.7758-15-0@perl.org
On Wed Jun 06 15:04:01 2012, ikegami@adaelis.com wrote:
> On Sun, May 27, 2012 at 2:18 AM, Brian Fraser via RT <
> perlbug-followup@perl.org> wrote:
> 
> > On Thu Sep 27 08:23:30 2001, psfales@ihgp.ih.lucent.com wrote:
> > >
> > > -----------------------------------------------------------------
> > > When a perl script is marked setuid on recent versions of solaris, $0
> > > is passed in as /dev/fd/3.  I understand that this is a feature of the
> > > OS, but it breaks the FindBin.pm module.  Perhaps there is no way to
> > > around this, but perhaps FindBin.pm could at least check for this case
> > > and produce an error message that would help explain what is going on.
> > > Here's the test program:
> > >
> > >         #!/usr/bin/perl -w
> > >         print "\$0 = $0\n";
> > >
> > >         use FindBin qw($Bin);
> > >         print "$Bin\n";
> > >
> > >
> > > When this program is run, we get:
> > >
> > > Cannot find current script '/dev/fd/3' at
> > > /opt/exp/perl/lib/5.6.1/FindBin.pm line 166
> > > BEGIN failed--compilation aborted at
> > > /opt/exp/perl/lib/5.6.1/FindBin.pm
> > > line 16!
> > > 6.
> > >
> > > Compilation failed in require at /dev/fd/3 line 4.
> > > BEGIN failed--compilation aborted at /dev/fd/3 line 4.
> > >
> > >
> >
> > Still present in 5.16.0. Should this be marked as Won't Fix?
> >
> 
> Actually, I'd reject for not being a bug.
> 
> First, returning an error is not necessarily a bug.
> 
> Second, the error is not the result of the bug. Find::Bin has no way of
> knowing where the script is located based on the info the system provided
> ($0="/dev/fd/3").
> 
> Third, even if Find::Bin did have some way of finding out the original
path
> to the file, it shouldn't use it because it would defy the system's
> security measure of passing /dev/fd/3 to perl.
> 
> - Eric


More than a year ago, ikegami recommended rejecting this ticket as not a
bug.  No one has disputed that recommendation since.

I am taking this ticket for the purpose of closing it within 7 days
unless someone wants to take the issue over.

Thank you very much.
Jim Keenan

---
via perlbug:  queue: perl5 status: open
https://rt.perl.org:443/rt3/Ticket/Display.html?id=7758

Thread Next


nntp.perl.org: Perl Programming lists via nntp and http.
Comments to Ask Bjørn Hansen at ask@perl.org | Group listing | About