Fix checks for tainted dir in $ENV{PATH}

$ cat > foo #!/usr/bin/perl print "What?!\n" ^D $ chmod +x foo $ ./perl -Ilib -Te '$ENV{PATH}="."; exec "foo"' Insecure directory in $ENV{PATH} while running with -T switch at -e line 1. That is what I expect to see. But: $ ./perl -Ilib -Te '$ENV{PATH}="/\\:."; exec "foo"' What?! Perl is allowing the \ to escape the :, but the \ is not treated as an escape by the system, allowing a relative path in PATH to be consid- ered safe.
author: Father Chrysostomos <sprout@cpan.org> 2016-09-03 13:30:22 -0700
committer: Father Chrysostomos <sprout@cpan.org> 2016-09-03 18:51:41 -0700
commit: ba0a4150f6f1604df236035adf6df18bd43de88e (patch)
tree: 04c01c3acb428079b256a36f99efb832403e68d7 /embed.h
parent: fac2c98c83b1d3b5039146aa7b14e3ed41f65cc4 (diff)
download: perl-ba0a4150f6f1604df236035adf6df18bd43de88e.tar.gz
1 files changed, 1 insertions, 0 deletions
diff --git a/embed.h b/embed.h
index 8220ab567d..8be5109a28 100644
--- a/embed.h
+++ b/embed.h
@@ -1216,6 +1216,7 @@
 #define deb_stack_all()		Perl_deb_stack_all(aTHX)
 #define defelem_target(a,b)	Perl_defelem_target(aTHX_ a,b)
 #define delete_eval_scope()	Perl_delete_eval_scope(aTHX)
+#define delimcpy_no_escape	Perl_delimcpy_no_escape
 #define die_unwind(a)		Perl_die_unwind(aTHX_ a)
 #define do_aexec5(a,b,c,d,e)	Perl_do_aexec5(aTHX_ a,b,c,d,e)
 #define do_dump_pad(a,b,c,d)	Perl_do_dump_pad(aTHX_ a,b,c,d)
author	Father Chrysostomos <sprout@cpan.org>	2016-09-03 13:30:22 -0700
committer	Father Chrysostomos <sprout@cpan.org>	2016-09-03 18:51:41 -0700
commit	ba0a4150f6f1604df236035adf6df18bd43de88e (patch)
tree	04c01c3acb428079b256a36f99efb832403e68d7 /embed.h
parent	fac2c98c83b1d3b5039146aa7b14e3ed41f65cc4 (diff)
download	perl-ba0a4150f6f1604df236035adf6df18bd43de88e.tar.gz