In perl.c, only compile S_forbid_setid() if it's needed.smoke-me/kick-FAKE_BIT_BUCKET

If SETUID_SCRIPTS_ARE_SECURE_NOW is defined, S_forbid_setid() is a no-op,
so don't compile it. Move the declaration and definition of S_forbid_setid()
into the same pre-processor blocks as are used for S_validate_suid(), which
is a no-op when SETUID_SCRIPTS_ARE_SECURE_NOW is /not/ defined.

4 files changed, 17 insertions, 20 deletions

diff --git a/embed.fnc b/embed.fnc
index b0fb7c3267..a73deb0e48 100644
--- a/embed.fnc
+++ b/embed.fnc
@@ -1772,7 +1772,6 @@ s	|void	|Slab_to_rw	|NN void *op
 
 #if defined(PERL_IN_PERL_C)
 s	|void	|find_beginning	|NN SV* linestr_sv|NN PerlIO *rsfp
-s	|void	|forbid_setid	|const char flag
 s	|void	|incpush	|NN const char *const dir|STRLEN len \
 				|U32 flags
 s	|SV*	|mayberelocate	|NN const char *const dir|STRLEN len \
diff --git a/embed.h b/embed.h
index 700bb62662..4e154c17fc 100644
--- a/embed.h
+++ b/embed.h
@@ -1429,7 +1429,6 @@
 #  endif
 #  if defined(PERL_IN_PERL_C)
 #define find_beginning(a,b)	S_find_beginning(aTHX_ a,b)
-#define forbid_setid(a)		S_forbid_setid(aTHX_ a)
 #define incpush(a,b,c)		S_incpush(aTHX_ a,b,c)
 #define incpush_use_sep(a,b,c)	S_incpush_use_sep(aTHX_ a,b,c)
 #define init_ids()		S_init_ids(aTHX)
diff --git a/perl.c b/perl.c
index 7c6c36ebfb..a9f380bc46 100644
--- a/perl.c
+++ b/perl.c
@@ -77,9 +77,13 @@ char *getenv (char *); /* Usually in <stdlib.h> */
 static I32 read_e_script(pTHX_ int idx, SV *buf_sv, int maxlen);
 
 #ifdef SETUID_SCRIPTS_ARE_SECURE_NOW
+static void S_forbid_setid(pTHX_ const char flag);
+
 #  define validate_suid(rsfp) NOOP
+#  define forbid_setid(flag) S_forbid_setid(aTHX_ flag)
 #else
 #  define validate_suid(rsfp) S_validate_suid(aTHX_ rsfp)
+#  define forbid_setid(flag) NOOP
 #endif
 
 #define CALL_BODY_SUB(myop) \
@@ -3751,7 +3755,19 @@ S_open_script(pTHX_ const char *scriptname, bool dosearch, bool doextract)
 
 
 #ifdef SETUID_SCRIPTS_ARE_SECURE_NOW
-/* Don't even need this function.  */
+static void
+S_forbid_setid(pTHX_ const char flag)
+{
+    dVAR;
+    char what = 0;
+
+    if (PerlProc_getuid() != PerlProc_geteuid())
+	what = 'u';
+    else if (PerlProc_getgid() != PerlProc_getegid())
+	what = 'g';
+    if (what)
+        Perl_croak(aTHX_ "No -%c allowed while running set%cid", flag, what);
+}
 #else
 STATIC void
 S_validate_suid(pTHX_ PerlIO *rsfp)
@@ -3869,22 +3885,6 @@ Perl_doing_taint(int argc, char *argv[], char *envp[])
     return 0;
 }
 
-STATIC void
-S_forbid_setid(pTHX_ const char flag)
-{
-#ifdef SETUID_SCRIPTS_ARE_SECURE_NOW
-    dVAR;
-    char what = 0;
-
-    if (PerlProc_getuid() != PerlProc_geteuid())
-	what = 'u';
-    else if (PerlProc_getgid() != PerlProc_getegid())
-	what = 'g';
-    if (what)
-        Perl_croak(aTHX_ "No -%c allowed while running set%cid", flag, what);
-#endif /* SETUID_SCRIPTS_ARE_SECURE_NOW */
-}
-
 void
 Perl_init_dbargs(pTHX)
 {
diff --git a/proto.h b/proto.h
index 6d59cfbc1a..c086bf8df1 100644
--- a/proto.h
+++ b/proto.h
@@ -5892,7 +5892,6 @@ STATIC void	S_find_beginning(pTHX_ SV* linestr_sv, PerlIO *rsfp)
 #define PERL_ARGS_ASSERT_FIND_BEGINNING	\
 	assert(linestr_sv); assert(rsfp)
 
-STATIC void	S_forbid_setid(pTHX_ const char flag);
 STATIC void	S_incpush(pTHX_ const char *const dir, STRLEN len, U32 flags)
 			__attribute__nonnull__(pTHX_1);
 #define PERL_ARGS_ASSERT_INCPUSH	\