Commit | Line | Data |
---|---|---|
463ee0b2 LW |
1 | #include "EXTERN.h" |
2 | #include "perl.h" | |
3 | ||
4 | void | |
5 | taint_not(s) | |
6 | char *s; | |
7 | { | |
8 | if (euid != uid) | |
9 | croak("No %s allowed while running setuid", s); | |
10 | if (egid != gid) | |
11 | croak("No %s allowed while running setgid", s); | |
12 | } | |
13 | ||
79072805 LW |
14 | void |
15 | taint_proper(f, s) | |
16 | char *f; | |
17 | char *s; | |
18 | { | |
463ee0b2 LW |
19 | if (tainting) { |
20 | DEBUG_u(fprintf(stderr,"%s %d %d %d\n",s,tainted,uid, euid)); | |
21 | if (tainted) { | |
22 | char *ug = 0; | |
23 | if (euid != uid) | |
24 | ug = " while running setuid"; | |
25 | else if (egid != gid) | |
26 | ug = " while running setgid"; | |
27 | else if (tainting) | |
28 | ug = " while running with -T switch"; | |
29 | if (ug) { | |
30 | if (!unsafe) | |
31 | croak(f, s, ug); | |
32 | else if (dowarn) | |
33 | warn(f, s, ug); | |
34 | } | |
35 | } | |
79072805 LW |
36 | } |
37 | } | |
38 | ||
39 | void | |
40 | taint_env() | |
41 | { | |
42 | SV** svp; | |
43 | ||
463ee0b2 | 44 | if (tainting) { |
8990e307 | 45 | MAGIC *mg = 0; |
463ee0b2 | 46 | svp = hv_fetch(GvHVn(envgv),"PATH",4,FALSE); |
8990e307 | 47 | if (!svp || *svp == &sv_undef || (mg = mg_find(*svp, 't'))) { |
463ee0b2 | 48 | tainted = 1; |
8990e307 | 49 | if (mg && MgTAINTEDDIR(mg)) |
463ee0b2 LW |
50 | taint_proper("Insecure directory in %s%s", "PATH"); |
51 | else | |
52 | taint_proper("Insecure %s%s", "PATH"); | |
53 | } | |
54 | svp = hv_fetch(GvHVn(envgv),"IFS",3,FALSE); | |
55 | if (svp && *svp != &sv_undef && mg_find(*svp, 't')) { | |
56 | tainted = 1; | |
57 | taint_proper("Insecure %s%s", "IFS"); | |
58 | } | |
79072805 LW |
59 | } |
60 | } | |
61 |