diff options
author | Neil Bowers <neilb@neilb.org> | 2022-03-16 23:43:53 +0000 |
---|---|---|
committer | Paul Evans <leonerd@leonerd.org.uk> | 2022-04-20 11:38:21 +0100 |
commit | 39f8eb4a21670e6b973dcfc86d0b1339064f5642 (patch) | |
tree | a4cb56aa6e1ecc5bcee37d1a45da13c3ef17a273 /Configure | |
parent | 79311730f400cc7f546ab72f6dbb22fddb27856d (diff) | |
download | perl-39f8eb4a21670e6b973dcfc86d0b1339064f5642.tar.gz |
Add Configure question for taint support
This adds a Configure question for whether you want taint support.
It defaults to "yes", so that ./Configure -des will build a perl
which supports taint in the usual way.
If you say "no", then perl is compiled with -DSILENT_NO_TAINT_SUPPORT
so that taint features silently do nothing.
I've submitted a separate pull request on perl/metaconfig,
which adds the underlying metaconfig unit for this question,
which was used to build this Configure script.
Diffstat (limited to 'Configure')
-rwxr-xr-x | Configure | 44 |
1 files changed, 43 insertions, 1 deletions
@@ -1333,6 +1333,7 @@ stdchar='' d_stdio_stream_array='' stdio_stream_array='' sysman='' +taint_support='' sGMTIME_max='' sGMTIME_min='' sLOCALTIME_max='' @@ -7305,6 +7306,40 @@ esac : confusing anyway. installstyle=$dflt +: U/perl/taint_support.U - do we want taint support? +case "$taint_support" in + $undef|false|[Nn]*) + dflt="n" + ;; + *) + dflt="y" + ;; +esac +cat >&4 <<EOM + + +Perl can provide a set of special security checks, which are known +as taint mode. The most well-known of these is that data derived +from outside your program should not be trusted ("is tainted") +until you have checked it. + +These days there are many more security considerations, and as a result +taint mode isn't widely used. But support for it adds a runtime overhead, +whether or not you use it. As a result, you can choose to build Perl +without taint support. + +EOM +rp='Do you want to build Perl with taint support?' +. ./myread +case "$ans" in +$undef|false|n|N) val="$undef" + ccflags="$ccflags -DSILENT_NO_TAINT_SUPPORT" + ;; +*) val="$define" ;; +esac +set taint_support +eval $setvar + : determine where public executables go echo " " set dflt bin bin @@ -7330,7 +7365,13 @@ cat <<EOM Would you like to build Perl so that the installation is relocatable, so that library paths in @INC are determined relative to the path of the perl binary? This is not advised for system Perl installs, or if you need to run setid -scripts or scripts under taint mode. +EOM +if test "X$taint_support" = "X$define"; then + echo "scripts or scripts under taint mode." >&4 +else + echo "scripts." >&4 +fi +cat <<EOM If this doesn't make any sense to you, just accept the default '$dflt'. EOM @@ -25571,6 +25612,7 @@ subversion='$subversion' sysman='$sysman' sysroot='$sysroot' tail='$tail' +taint_support='$taint_support' tar='$tar' targetarch='$targetarch' targetdir='$targetdir' |