This is a live mirror of the Perl 5 development currently hosted at https://github.com/perl/perl5
https://perl5.git.perl.org / perl5.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Re: NETaa14816: tzname[] and SunOS - Here's a patch
[perl5.git] / taint.c
diff --git a/taint.c b/taint.c
index 5178ee2..6c64b39 100644 (file)
--- a/taint.c
+++ b/taint.c
@@ -1,14 +1,44 @@
+/*
+ * "...we will have peace, when you and all your works have perished--and
+ * the works of your dark master to whom you would deliver us.  You are a
+ * liar, Saruman, and a corrupter of men's hearts."  --Theoden
+ */
+
+#include "EXTERN.h"
+#include "perl.h"
+
+void
+taint_not(s)
+char *s;
+{
+    if (euid != uid)
+        croak("No %s allowed while running setuid", s);
+    if (egid != gid)
+        croak("No %s allowed while running setgid", s);
+}
+
 void
 taint_proper(f, s)
 char *f;
 char *s;
 {
-    DEBUG_u(fprintf(stderr,"%s %d %d %d\n",s,tainted,uid, euid));
-    if (tainted && (!euid || euid != uid || egid != gid || taintanyway)) {
-       if (!unsafe)
-           fatal(f, s);
-       else if (dowarn)
-           warn(f, s);
+    if (tainting) {
+       DEBUG_u(fprintf(stderr,"%s %d %d %d\n",s,tainted,uid, euid));
+       if (tainted) {
+           char *ug = 0;
+           if (euid != uid)
+               ug = " while running setuid";
+           else if (egid != gid)
+               ug = " while running setgid";
+           else if (tainting)
+               ug = " while running with -T switch";
+           if (ug) {
+               if (!unsafe)
+                   croak(f, s, ug);
+               else if (dowarn)
+                   warn(f, s, ug);
+           }
+       }
     }
 }
 
@@ -17,18 +47,25 @@ taint_env()
 {
     SV** svp;
 
-    svp = hv_fetch(GvHVn(envgv),"PATH",4,FALSE);
-    if (!svp || *svp == &sv_undef || (*svp)->sv_tainted) {
-       tainted = 1;
-       if ((*svp)->sv_tainted == 2)
-           taint_proper("Insecure directory in %s", "PATH");
-       else
-           taint_proper("Insecure %s", "PATH");
-    }
-    svp = hv_fetch(GvHVn(envgv),"IFS",3,FALSE);
-    if (svp && *svp != &sv_undef && (*svp)->sv_tainted) {
-       tainted = 1;
-       taint_proper("Insecure %s", "IFS");
+    if (tainting) {
+       MAGIC *mg = 0;
+       svp = hv_fetch(GvHVn(envgv),"PATH",4,FALSE);
+       if (!svp || *svp == &sv_undef ||
+         ((mg = mg_find(*svp, 't')) && mg->mg_len & 1))
+       {
+           tainted = TRUE;
+           if (mg && MgTAINTEDDIR(mg))
+               taint_proper("Insecure directory in %s%s", "$ENV{PATH}");
+           else
+               taint_proper("Insecure %s%s", "$ENV{PATH}");
+       }
+       svp = hv_fetch(GvHVn(envgv),"IFS",3,FALSE);
+       if (svp && *svp != &sv_undef &&
+         (mg = mg_find(*svp, 't')) && mg->mg_len & 1)
+       {
+           tainted = TRUE;
+           taint_proper("Insecure %s%s", "$ENV{IFS}");
+       }
     }
 }
 
Unnamed repository; edit this file 'description' to name the repository.