Apply Jarkko's suidperl security patch.
authorLeon Brocard <acme@astray.com>
Wed, 18 Feb 2004 11:01:39 +0000 (11:01 +0000)
committerLeon Brocard <acme@astray.com>
Wed, 18 Feb 2004 11:01:39 +0000 (11:01 +0000)
(Thanks to Yitzchak Scott-Thoennes for noticing)

p4raw-id: //depot/maint-5.005/perl@22331

perl.c
pod/perldelta.pod

index d692386..5673550 100644 (file)
--- a/perl.c
+++ b/perl.c
@@ -2220,16 +2220,6 @@ validate_suid(char *validarg, char *scriptname, int fdscript)
            if (tmpstatbuf.st_dev != PL_statbuf.st_dev ||
                tmpstatbuf.st_ino != PL_statbuf.st_ino) {
                (void)PerlIO_close(PL_rsfp);
-               if (PL_rsfp = PerlProc_popen("/bin/mail root","w")) {   /* heh, heh */
-                   PerlIO_printf(PL_rsfp,
-"User %ld tried to run dev %ld ino %ld in place of dev %ld ino %ld!\n\
-(Filename of set-id script was %s, uid %ld gid %ld.)\n\nSincerely,\nperl\n",
-                       (long)PL_uid,(long)tmpstatbuf.st_dev, (long)tmpstatbuf.st_ino,
-                       (long)PL_statbuf.st_dev, (long)PL_statbuf.st_ino,
-                       SvPVX(GvSV(PL_curcop->cop_filegv)),
-                       (long)PL_statbuf.st_uid, (long)PL_statbuf.st_gid);
-                   (void)PerlProc_pclose(PL_rsfp);
-               }
                croak("Permission denied\n");
            }
            if (
index 4d3ed11..ccdd433 100644 (file)
@@ -16,6 +16,10 @@ Perl now compiles and runs under modern Unix systems, including those
 with recent Berkeley DB libraries or GCC 3. Additionally, it now runs
 under Mac OS X (10.3).
 
+This also contains a security fix for a suidperl vulnerability. See
+http://www.cpan.org/src/5.0/sperl-2000-08-05/sperl-2000-08-05.txt for
+more information.
+
 =head1 About the new versioning system
 
 Perl is now developed on two tracks: a maintenance track that makes