Commit | Line | Data |
---|---|---|
79072805 LW |
1 | void |
2 | taint_proper(f, s) | |
3 | char *f; | |
4 | char *s; | |
5 | { | |
6 | DEBUG_u(fprintf(stderr,"%s %d %d %d\n",s,tainted,uid, euid)); | |
7 | if (tainted && (!euid || euid != uid || egid != gid || taintanyway)) { | |
8 | if (!unsafe) | |
9 | fatal(f, s); | |
10 | else if (dowarn) | |
11 | warn(f, s); | |
12 | } | |
13 | } | |
14 | ||
15 | void | |
16 | taint_env() | |
17 | { | |
18 | SV** svp; | |
19 | ||
20 | svp = hv_fetch(GvHVn(envgv),"PATH",4,FALSE); | |
21 | if (!svp || *svp == &sv_undef || (*svp)->sv_tainted) { | |
22 | tainted = 1; | |
23 | if ((*svp)->sv_tainted == 2) | |
24 | taint_proper("Insecure directory in %s", "PATH"); | |
25 | else | |
26 | taint_proper("Insecure %s", "PATH"); | |
27 | } | |
28 | svp = hv_fetch(GvHVn(envgv),"IFS",3,FALSE); | |
29 | if (svp && *svp != &sv_undef && (*svp)->sv_tainted) { | |
30 | tainted = 1; | |
31 | taint_proper("Insecure %s", "IFS"); | |
32 | } | |
33 | } | |
34 |