summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJarkko Hietaniemi <jhi@iki.fi>1999-10-26 09:12:48 +0000
committerJarkko Hietaniemi <jhi@iki.fi>1999-10-26 09:12:48 +0000
commit6bf425089316a32726a25ea317fa3faa951fb073 (patch)
treec8806e58bb130346889f887abebc8c113cb3e6de
parent8d5a0f9fbd38e20ea7253de2fce1dd0ead05c656 (diff)
downloadperl-6bf425089316a32726a25ea317fa3faa951fb073.tar.gz
Add getmnt() to nosuid checking.
p4raw-id: //depot/cfgperl@4457
-rwxr-xr-xConfigure19
-rw-r--r--Porting/config_H64
-rw-r--r--config_h.SH6
-rw-r--r--embed.h8
-rwxr-xr-xembed.pl2
-rw-r--r--perl.c53
-rw-r--r--perl.h13
-rw-r--r--pod/perldiag.pod6
-rw-r--r--proto.h2
9 files changed, 104 insertions, 69 deletions
diff --git a/Configure b/Configure
index 2832ad7879..b2dd4d70ea 100755
--- a/Configure
+++ b/Configure
@@ -20,7 +20,7 @@
# $Id: Head.U,v 3.0.1.9 1997/02/28 15:02:09 ram Exp $
#
-# Generated on Sat Oct 23 18:23:43 EET DST 1999 [metaconfig 3.0 PL70]
+# Generated on Tue Oct 26 11:04:43 EET DST 1999 [metaconfig 3.0 PL70]
# (with additional metaconfig patches by perlbug@perl.com)
cat >/tmp/c1$$ <<EOF
@@ -370,6 +370,7 @@ d_phostname=''
d_uname=''
d_gethostprotos=''
d_getlogin=''
+d_getmnt=''
d_getmntent=''
d_getnbyaddr=''
d_getnbyname=''
@@ -8690,8 +8691,15 @@ set fstatfs d_fstatfs
eval $inlibc
: see if statfs knows about mount flags
-set d_statfsflags statfs f_flags $i_sysparam sys/param.h $i_sysmount sys/mount.h
-eval $hasfield
+case "$d_statfs" in
+define) set d_statfsflags statfs f_flags $i_sysparam sys/param.h $i_sysmount sys/mount.h
+ eval $hasfield
+ ;;
+*) val="$undef"
+ set d_statfsflags
+ eval $setvar
+ ;;
+esac
: see if statvfs exists
@@ -8821,6 +8829,10 @@ eval $hasproto
set getlogin d_getlogin
eval $inlibc
+: see if getmnt exists
+set getmnt d_getmnt
+eval $inlibc
+
: see if getmntent exists
set getmntent d_getmntent
eval $inlibc
@@ -13594,6 +13606,7 @@ d_gethent='$d_gethent'
d_gethname='$d_gethname'
d_gethostprotos='$d_gethostprotos'
d_getlogin='$d_getlogin'
+d_getmnt='$d_getmnt'
d_getmntent='$d_getmntent'
d_getnbyaddr='$d_getnbyaddr'
d_getnbyname='$d_getnbyname'
diff --git a/Porting/config_H b/Porting/config_H
index d4fec6a334..a86112e943 100644
--- a/Porting/config_H
+++ b/Porting/config_H
@@ -17,7 +17,7 @@
/*
* Package name : perl5
* Source directory : .
- * Configuration time: Tue Oct 19 10:28:21 EET DST 1999
+ * Configuration time: Sat Oct 23 19:30:38 EET DST 1999
* Configured by : jhi
* Target system : osf1 alpha.hut.fi v4.0 878 alpha
*/
@@ -40,7 +40,7 @@
* This symbol indicates the C compiler can check for function attributes,
* such as printf formats. This is normally only supported by GNU cc.
*/
-/*#define HASATTRIBUTE / **/
+#define HASATTRIBUTE /**/
#ifndef HASATTRIBUTE
#define __attribute__(_arg_)
#endif
@@ -1193,7 +1193,7 @@
* probably use memmove() or memcpy(). If neither is defined, roll your
* own version.
*/
-/*#define HAS_SAFE_MEMCPY / **/
+#define HAS_SAFE_MEMCPY /**/
/* HAS_SANE_MEMCMP:
* This symbol, if defined, indicates that the memcmp routine is available
@@ -1423,8 +1423,8 @@
* This symbol contains the ~name expanded version of ARCHLIB, to be used
* in programs that are not prepared to deal with ~ expansion at run-time.
*/
-#define ARCHLIB "/opt/perl/lib/5.00562/alpha-dec_osf-thread" /**/
-#define ARCHLIB_EXP "/opt/perl/lib/5.00562/alpha-dec_osf-thread" /**/
+#define ARCHLIB "/usr/local/lib/perl5/5.00562/alpha-dec_osf" /**/
+#define ARCHLIB_EXP "/usr/local/lib/perl5/5.00562/alpha-dec_osf" /**/
/* BIN:
* This symbol holds the path of the bin directory where the package will
@@ -1434,8 +1434,8 @@
* This symbol is the filename expanded version of the BIN symbol, for
* programs that do not want to deal with that at run-time.
*/
-#define BIN "/opt/perl/bin" /**/
-#define BIN_EXP "/opt/perl/bin" /**/
+#define BIN "/usr/local/bin" /**/
+#define BIN_EXP "/usr/local/bin" /**/
/* INSTALL_USR_BIN_PERL:
* This symbol, if defined, indicates that Perl is to be installed
@@ -1453,8 +1453,8 @@
* This symbol contains the ~name expanded version of PRIVLIB, to be used
* in programs that are not prepared to deal with ~ expansion at run-time.
*/
-#define PRIVLIB "/opt/perl/lib/5.00562" /**/
-#define PRIVLIB_EXP "/opt/perl/lib/5.00562" /**/
+#define PRIVLIB "/usr/local/lib/perl5/5.00562" /**/
+#define PRIVLIB_EXP "/usr/local/lib/perl5/5.00562" /**/
/* SITEARCH:
* This symbol contains the name of the private library for this package.
@@ -1469,8 +1469,8 @@
* This symbol contains the ~name expanded version of SITEARCH, to be used
* in programs that are not prepared to deal with ~ expansion at run-time.
*/
-#define SITEARCH "/opt/perl/lib/site_perl/5.00562/alpha-dec_osf-thread" /**/
-#define SITEARCH_EXP "/opt/perl/lib/site_perl/5.00562/alpha-dec_osf-thread" /**/
+#define SITEARCH "/usr/local/lib/site_perl/5.00562/alpha-dec_osf" /**/
+#define SITEARCH_EXP "/usr/local/lib/site_perl/5.00562/alpha-dec_osf" /**/
/* SITELIB:
* This symbol contains the name of the private library for this package.
@@ -1485,8 +1485,8 @@
* This symbol contains the ~name expanded version of SITELIB, to be used
* in programs that are not prepared to deal with ~ expansion at run-time.
*/
-#define SITELIB "/opt/perl/lib/site_perl" /**/
-#define SITELIB_EXP "/opt/perl/lib/site_perl" /**/
+#define SITELIB "/usr/local/lib/site_perl" /**/
+#define SITELIB_EXP "/usr/local/lib/site_perl" /**/
/* PERL_VENDORLIB_EXP:
* This symbol contains the ~name expanded version of VENDORLIB, to be used
@@ -1546,10 +1546,10 @@
* This symbol is intended to be used along with CPPRUN in the same manner
* symbol CPPMINUS is used with CPPSTDIN. It contains either "-" or "".
*/
-#define CPPSTDIN "cppstdin"
-#define CPPMINUS ""
-#define CPPRUN "/usr/bin/cpp"
-#define CPPLAST ""
+#define CPPSTDIN "gcc -E"
+#define CPPMINUS "-"
+#define CPPRUN "gcc -E"
+#define CPPLAST "-"
/* HAS_ACCESS:
* This manifest constant lets the C program know that the access()
@@ -1655,7 +1655,7 @@
#define HAS_UNAME /**/
#undef HAS_PHOSTNAME
#ifdef HAS_PHOSTNAME
-#define PHOSTNAME "" /* How to get the host name */
+#define PHOSTNAME "/usr/bin/hostname" /* How to get the host name */
#endif
/* HAS_GETNETBYADDR:
@@ -2086,7 +2086,7 @@
/* MYMALLOC:
* This symbol, if defined, indicates that we're using our own malloc.
*/
-/*#define MYMALLOC / **/
+#define MYMALLOC /**/
/* SIG_NAME:
* This symbol contains a list of signal names in order of
@@ -2162,7 +2162,7 @@
* that use features like threads and multiplicity it is always
* for those versions.
*/
-/*#define PERL_BINCOMPAT_5005 / **/
+#define PERL_BINCOMPAT_5005 /**/
/* DLSYM_NEEDS_UNDERSCORE:
* This symbol, if defined, indicates that we need to prepend an
@@ -2190,6 +2190,12 @@
*/
/*#define HAS_FTELLO / **/
+/* HAS_GETMNT:
+ * This symbol, if defined, indicates that the getmnt routine is
+ * available.
+ */
+# HAS_GETMNT /**/
+
/* HAS_GETMNTENT:
* This symbol, if defined, indicates that the getmntent routine is
* available to iterate through mounted file systems.
@@ -2323,8 +2329,8 @@
* in the <db.h> header file. In older versions of DB, it was
* int, while in newer ones it is size_t.
*/
-#define DB_Hash_t u_int32_t /**/
-#define DB_Prefix_t size_t /**/
+#define DB_Hash_t int /**/
+#define DB_Prefix_t int /**/
/* I_INTTYPES:
* This symbol, if defined, indicates to the C program that it should
@@ -2441,7 +2447,7 @@
* script to make sure (one hopes) that it runs with perl and not
* some shell.
*/
-#define STARTPERL "#!/opt/perl/bin/perl" /**/
+#define STARTPERL "#!/usr/local/bin/perl" /**/
/* HAS_STDIO_STREAM_ARRAY:
* This symbol, if defined, tells that there is an array
@@ -2465,7 +2471,7 @@
* be used when available. If not defined, the native default interfaces
* will be used (be they 32 or 64 bits).
*/
-#define USE_64_BITS /**/
+/*#define USE_64_BITS / **/
/* USE_LARGE_FILES:
* This symbol, if defined, indicates that large file support
@@ -2502,7 +2508,7 @@
/* PERL_XS_APIVERSION:
* This variable contains the version of the oldest perl binary
* compatible with the present perl. perl.c:incpush() and
- * lib/lib.pm will automatically search in /opt/perl/lib/site_perl/5.00562/alpha-dec_osf-thread for older
+ * lib/lib.pm will automatically search in /usr/local/lib/site_perl/5.00562/alpha-dec_osf for older
* directories across major versions back to xs_apiversion.
* This is only useful if you have a perl library directory tree
* structured like the default one.
@@ -2521,7 +2527,7 @@
* compatible with the present perl. (That is, pure perl modules
* written for pm_apiversion will still work for the current
* version). perl.c:incpush() and lib/lib.pm will automatically
- * search in /opt/perl/lib/site_perl for older directories across major versions
+ * search in /usr/local/lib/site_perl for older directories across major versions
* back to pm_apiversion. This is only useful if you have a perl
* library directory tree structured like the default one. The
* versioned site_perl library was introduced in 5.005, so that's
@@ -2531,7 +2537,7 @@
* (presumably) be similar.
* See the INSTALL file for how this works.
*/
-#define PERL_XS_APIVERSION 5.00562 /* Change to string for tuples?*/
+#define PERL_XS_APIVERSION 5.005 /* Change to string for tuples?*/
#define PERL_PM_APIVERSION 5.005 /* Change to string for tuples?*/
/* HAS_DRAND48_PROTO:
@@ -2609,7 +2615,7 @@
* where library files may be held under a private library, for
* instance.
*/
-#define ARCHNAME "alpha-dec_osf-thread" /**/
+#define ARCHNAME "alpha-dec_osf" /**/
/* OLD_PTHREAD_CREATE_JOINABLE:
* This symbol, if defined, indicates how to create pthread
@@ -2660,7 +2666,7 @@
* This symbol, if defined, indicates that Perl should
* be built to use the old draft POSIX threads API.
*/
-#define USE_THREADS /**/
+/*#define USE_THREADS / **/
/*#define OLD_PTHREADS_API / **/
/* Time_t:
diff --git a/config_h.SH b/config_h.SH
index c10e3369a8..9198190de0 100644
--- a/config_h.SH
+++ b/config_h.SH
@@ -2204,6 +2204,12 @@ sed <<!GROK!THIS! >config.h -e 's!^#undef\(.*/\)\*!/\*#define\1 \*!' -e 's!^#un-
*/
#$d_ftello HAS_FTELLO /**/
+/* HAS_GETMNT:
+ * This symbol, if defined, indicates that the getmnt routine is
+ * available.
+ */
+#$d_getmnt HAS_GETMNT /**/
+
/* HAS_GETMNTENT:
* This symbol, if defined, indicates that the getmntent routine is
* available to iterate through mounted file systems.
diff --git a/embed.h b/embed.h
index bf2a0e800e..4dac84c7d7 100644
--- a/embed.h
+++ b/embed.h
@@ -841,7 +841,7 @@
#define usage S_usage
#define validate_suid S_validate_suid
# if defined(IAMSUID)
-#define fd_on_nosuid_fs S_fd_on_nosuid_fs
+#define file_on_nosuid_fs S_file_on_nosuid_fs
# endif
#define parse_body S_parse_body
#define run_body S_run_body
@@ -2193,7 +2193,7 @@
#define usage(a) S_usage(aTHX_ a)
#define validate_suid(a,b,c) S_validate_suid(aTHX_ a,b,c)
# if defined(IAMSUID)
-#define fd_on_nosuid_fs(a) S_fd_on_nosuid_fs(aTHX_ a)
+#define file_on_nosuid_fs(a,b) S_file_on_nosuid_fs(aTHX_ a,b)
# endif
#define parse_body(a) S_parse_body(aTHX_ a)
#define run_body(a) S_run_body(aTHX_ a)
@@ -4307,8 +4307,8 @@
#define S_validate_suid CPerlObj::S_validate_suid
#define validate_suid S_validate_suid
# if defined(IAMSUID)
-#define S_fd_on_nosuid_fs CPerlObj::S_fd_on_nosuid_fs
-#define fd_on_nosuid_fs S_fd_on_nosuid_fs
+#define S_file_on_nosuid_fs CPerlObj::S_file_on_nosuid_fs
+#define file_on_nosuid_fs S_file_on_nosuid_fs
# endif
#define S_parse_body CPerlObj::S_parse_body
#define parse_body S_parse_body
diff --git a/embed.pl b/embed.pl
index d2b0bb2d3a..280de29665 100755
--- a/embed.pl
+++ b/embed.pl
@@ -1860,7 +1860,7 @@ s |void |open_script |char *|bool|SV *|int *fd
s |void |usage |char *
s |void |validate_suid |char *|char*|int
# if defined(IAMSUID)
-s |int |fd_on_nosuid_fs|int fd
+s |int |file_on_nosuid_fs|int fd|char *path
# endif
s |void* |parse_body |va_list args
s |void* |run_body |va_list args
diff --git a/perl.c b/perl.c
index 4fb1771ae5..67c2ccc6e0 100644
--- a/perl.c
+++ b/perl.c
@@ -2178,15 +2178,17 @@ sed %s -e \"/^[^#]/b\" \
#ifdef IAMSUID
STATIC int
-S_fd_on_nosuid_fs(pTHX_ int fd)
+S_file_on_nosuid_fs(pTHX_ int fd, char *path)
{
int on_nosuid = 0;
int check_okay = 0;
/*
- * Preferred order: fstatvfs(), fstatfs(), getmntent().
- * fstatvfs() is UNIX98.
- * fstatfs() is BSD.
- * getmntent() is O(number-of-mounted-filesystems) and can hang.
+ * Preferred order: fstatvfs(), fstatfs(), getmnt(), getmntent().
+ * fstatvfs() is UNIX98 and uses the fd.
+ * fstatfs() is BSD 4.3+ and uses the fd.
+ * getmnt() is BSD 4.2 (4.1?) and uses the path.
+ * getmntent() is O(number-of-mounted-filesystems) and
+ * uses neither fd nor path and can hang.
*/
# ifdef HAS_FSTATVFS
@@ -2194,22 +2196,18 @@ S_fd_on_nosuid_fs(pTHX_ int fd)
check_okay = fstatvfs(fd, &stfs) == 0;
on_nosuid = check_okay && (stfs.f_flag & ST_NOSUID);
# else
-# if defined(HAS_FSTATFS) && defined(HAS_STRUCT_STATFS_FLAGS)
- struct statfs stfs;
+# ifdef PERL_MOUNT_NOSUID
+# if defined(HAS_FSTATFS) && defined(HAS_STRUCT_STATFS_FLAGS)
+ struct statfs stfs;
check_okay = fstatfs(fd, &stfs) == 0;
-# undef PERL_MOUNT_NOSUID
-# if !defined(PERL_MOUNT_NOSUID) && defined(MNT_NOSUID)
-# define PERL_MOUNT_NOSUID MNT_NOSUID
-# endif
-# if !defined(PERL_MOUNT_NOSUID) && defined(MS_NOSUID)
-# define PERL_MOUNT_NOSUID MS_NOSUID
-# endif
-# if !defined(PERL_MOUNT_NOSUID) && defined(M_NOSUID)
-# define PERL_MOUNT_NOSUID M_NOSUID
-# endif
-# ifdef PERL_MOUNT_NOSUID
on_nosuid = check_okay && (stfs.f_flags & PERL_MOUNT_NOSUID);
-# endif
+# else
+# ifdef HAS_GETMNT
+ struct fs_data fsd;
+ check_okay = getmnt(0, &fsd, 0, NOSTAT_ONE, path) == 1;
+ on_nosuid = check_okay && (fsd.fd_req.flags & PERL_MOUNT_NOSUID);
+# endif /* getmnt */
+# endif /* fstatfs */
# else
# if defined(HAS_GETMNTENT) && defined(HAS_HASMNTOPT) && defined(MNTOPT_NOSUID)
FILE *mtab = fopen("/etc/mtab", "r");
@@ -2217,25 +2215,24 @@ S_fd_on_nosuid_fs(pTHX_ int fd)
struct stat stb, fsb;
if (mtab && (fstat(fd, &stb) == 0)) {
- while (entry = getmntent(mtab)) {
- if (stat(entry->mnt_dir, &fsb) == 0
- && fsb.st_dev == stb.st_dev)
+ while ((entry = getmntent(mtab))) {
+ if (stat(entry->mnt_dir, &fsb) == 0 && fsb.st_dev == stb.st_dev)
{
/* found the filesystem */
check_okay = 1;
if (hasmntopt(entry, MNTOPT_NOSUID))
on_nosuid = 1;
break;
- } /* A single fs may well fail its stat(). */
+ } /* A single fs may well fail its stat(). Or hang :-( */
}
}
if (mtab)
fclose(mtab);
-# endif /* mntent */
-# endif /* statfs */
-# endif /* statvfs */
+# endif /* getmntent */
+# endif /* PERL_MOUNT_NOSUID: fstatfs() or getmnt() */
+# endif /* fstatvfs */
if (!check_okay)
- Perl_croak(aTHX_ "Can't check filesystem of script \"%s\"", PL_origfilename);
+ Perl_croak(aTHX_ "Can't check filesystem of script \"%s\" for nosuid", PL_origfilename);
return on_nosuid;
}
#endif /* IAMSUID */
@@ -2309,7 +2306,7 @@ S_validate_suid(pTHX_ char *validarg, char *scriptname, int fdscript)
if (PerlLIO_stat(SvPVX(GvSV(PL_curcop->cop_filegv)),&tmpstatbuf) < 0)
Perl_croak(aTHX_ "Permission denied"); /* testing full pathname here */
#if defined(IAMSUID) && !defined(NO_NOSUID_CHECK)
- if (fd_on_nosuid_fs(PerlIO_fileno(PL_rsfp)))
+ if (file_on_nosuid_fs(PerlIO_fileno(PL_rsfp), scriptname))
Perl_croak(aTHX_ "Permission denied");
#endif
if (tmpstatbuf.st_dev != PL_statbuf.st_dev ||
diff --git a/perl.h b/perl.h
index 501c635c9f..e8d0cc9352 100644
--- a/perl.h
+++ b/perl.h
@@ -3202,12 +3202,23 @@ typedef struct am_table_short AMTS;
# include <sys/statvfs.h> /* for f?statvfs() */
#endif
#ifdef I_SYS_MOUNT
-# include <sys/mount.h> /* for *BSD f?statfs() */
+# include <sys/mount.h> /* for *BSD f?statfs() or getmnt() */
#endif
#ifdef I_MNTENT
# include <mntent.h> /* for getmntent() */
#endif
+#undef PERL_MOUNT_NOSUID
+#if !defined(PERL_MOUNT_NOSUID) && defined(MNT_NOSUID)
+# define PERL_MOUNT_NOSUID MNT_NOSUID
+#endif
+#if !defined(PERL_MOUNT_NOSUID) && defined(MS_NOSUID)
+# define PERL_MOUNT_NOSUID MS_NOSUID
+#endif
+#if !defined(PERL_MOUNT_NOSUID) && defined(M_NOSUID)
+# define PERL_MOUNT_NOSUID M_NOSUID
+#endif
+
#endif /* IAMSUID */
/* and finally... */
diff --git a/pod/perldiag.pod b/pod/perldiag.pod
index 5b1c324a48..3c0a212077 100644
--- a/pod/perldiag.pod
+++ b/pod/perldiag.pod
@@ -636,9 +636,11 @@ Something like this will reproduce the error:
(F) You called C<perl -x/foo/bar>, but C</foo/bar> is not a directory
that you can chdir to, possibly because it doesn't exist.
-=item Can't check filesystem of script "%s"
+=item Can't check filesystem of script "%s" for nosuid
-(P) For some reason you can't check the filesystem of the script for nosuid.
+(P) For some reason you can't check the filesystem of the script for nosuid
+(whether the filesystem has been mounted to disallow the execution of suid
+(and sgid) programs)
=item Can't coerce %s to integer in %s
diff --git a/proto.h b/proto.h
index 627dfd4b35..1cd7980d7c 100644
--- a/proto.h
+++ b/proto.h
@@ -817,7 +817,7 @@ STATIC void S_open_script(pTHX_ char *, bool, SV *, int *fd);
STATIC void S_usage(pTHX_ char *);
STATIC void S_validate_suid(pTHX_ char *, char*, int);
# if defined(IAMSUID)
-STATIC int S_fd_on_nosuid_fs(pTHX_ int fd);
+STATIC int S_file_on_nosuid_fs(pTHX_ int fd, char *path);
# endif
STATIC void* S_parse_body(pTHX_ va_list args);
STATIC void* S_run_body(pTHX_ va_list args);