Plug the security hole described in the Aug 05 2000 bugtraq message

"sperl 5.00503 (and newer ;) exploit" by Michal Zalewski. The security hole exists only in suidperls, which isn't installed or even built by default. p4raw-id: //depot/perl@6536
author: Jarkko Hietaniemi <jhi@iki.fi> 2000-08-07 15:05:29 +0000
committer: Jarkko Hietaniemi <jhi@iki.fi> 2000-08-07 15:05:29 +0000
commit: 9feff13c269d28cf1435d1f62481a5d18a330707 (patch)
tree: 8be8fa07c368cc2b7b9eadc1ce576316204e449e /perl.c
parent: fdbb8cbde311423021cac075eca818cc6b8ae2e4 (diff)
download: perl-9feff13c269d28cf1435d1f62481a5d18a330707.tar.gz
1 files changed, 2 insertions, 0 deletions
diff --git a/perl.c b/perl.c
index 969d783244..ed8befaa66 100644
--- a/perl.c
+++ b/perl.c
@@ -2851,6 +2851,7 @@ S_validate_suid(pTHX_ char *validarg, char *scriptname, int fdscript)
 	    if (tmpstatbuf.st_dev != PL_statbuf.st_dev ||
 		tmpstatbuf.st_ino != PL_statbuf.st_ino) {
 		(void)PerlIO_close(PL_rsfp);
+#ifdef MAIL_CAN_BE_USED_SAFELY /* No, it can't.  As of Aug 05 200, there's bugtraq exploit.  */
 		if (PL_rsfp = PerlProc_popen("/bin/mail root","w")) {	/* heh, heh */
 		    PerlIO_printf(PL_rsfp,
 "User %"Uid_t_f" tried to run dev %ld ino %ld in place of dev %ld ino %ld!\n\
@@ -2861,6 +2862,7 @@ S_validate_suid(pTHX_ char *validarg, char *scriptname, int fdscript)
 			PL_statbuf.st_uid, PL_statbuf.st_gid);
 		    (void)PerlProc_pclose(PL_rsfp);
 		}
+#endif
 		Perl_croak(aTHX_ "Permission denied\n");
 	    }
 	    if (
author	Jarkko Hietaniemi <jhi@iki.fi>	2000-08-07 15:05:29 +0000
committer	Jarkko Hietaniemi <jhi@iki.fi>	2000-08-07 15:05:29 +0000
commit	9feff13c269d28cf1435d1f62481a5d18a330707 (patch)
tree	8be8fa07c368cc2b7b9eadc1ce576316204e449e /perl.c
parent	fdbb8cbde311423021cac075eca818cc6b8ae2e4 (diff)
download	perl-9feff13c269d28cf1435d1f62481a5d18a330707.tar.gz