summaryrefslogtreecommitdiff
path: root/pod/perlsec.pod
diff options
context:
space:
mode:
authorPerl 5 Porters <perl5-porters@africa.nicoh.com>1997-03-26 07:04:34 +1200
committerChip Salzenberg <chip@atlantic.net>1997-03-26 07:04:34 +1200
commit54310121b442974721115f93666234a200f5c7e4 (patch)
tree99b5953030ddf062d77206ac0cf8ac967e7cbd93 /pod/perlsec.pod
parentd03407ef6d8e534a414e9ce92c6c5c8dab664a40 (diff)
downloadperl-54310121b442974721115f93666234a200f5c7e4.tar.gz
[inseperable changes from patch from perl-5.003_95 to perl-5.003_86]
[editor's note: this commit was prepared manually so may differ in minor ways to other inseperable changes commits] CORE LANGUAGE CHANGES Title: "Support $ENV{PERL5OPT}" From: Chip Salzenberg Files: perl.c pod/perldiag.pod pod/perldelta.pod pod/perlrun.pod Title: "Implement void context, in which C<wantarray> is undef" From: Chip Salzenberg Files: cop.h doop.c dump.c global.sym gv.c op.c op.h perl.c pod/perlcall.pod pod/perldelta.pod pod/perlfunc.pod pod/perlguts.pod pod/perlsub.pod pp.c pp_ctl.c pp_hot.c pp_sys.c proto.h Title: "Don't look up &AUTOLOAD in @ISA when calling plain function" From: Chip Salzenberg Files: global.sym gv.c lib/Text/ParseWords.pm pod/perldelta.pod pp_hot.c proto.h t/op/method.t Title: "Allow closures to be constant subroutines" From: Chip Salzenberg Files: op.c Title: "Make C<scalar(reverse)> mean C<scalar(reverse $_)>" From: Chip Salzenberg Files: pp.c Title: "Fix lexical suicide from C<my $x = $x> in sub" From: Chip Salzenberg Files: op.c Title: "Make "Unrecog. char." fatal, and update its doc" From: Chip Salzenberg Files: pod/perldiag.pod toke.c CORE PORTABILITY Title: "safefree() mismatch" From: Roderick Schertler Msg-ID: <21338.859653381@eeyore.ibcinc.com> Date: Sat, 29 Mar 1997 11:36:21 -0500 Files: util.c (applied based on p5p patch as commit id 9b9b466fb02dc96c81439bafbb3b2da55238cfd2) Title: "Win32 update (seven patches)" From: Gurusamy Sarathy and Nick Ing-Simmons Files: EXTERN.h MANIFEST win32/Makefile win32/perl.mak win32/perl.rc win32/perldll.mak win32/makedef.pl win32/modules.mak win32/win32io.c win32/bin/pl2bat.bat OTHER CORE CHANGES Title: "Report PERL* environment variables in -V and perlbug" From: Chip Salzenberg Files: perl.c utils/perlbug.PL Title: "Typo in perl.c: Printing NO_EMBED for perl -V" From: Gisle Aas Msg-ID: <199703301922.VAA13509@furubotn.sn.no> Date: Sun, 30 Mar 1997 21:22:11 +0200 Files: perl.c (applied based on p5p patch as commit id b6c639e4b1912ad03b9b10ba9518d96bd0a6cfaf) Title: "Don't let C<$var = $var> untaint $var" From: Chip Salzenberg Files: pp_hot.c pp_sys.c sv.h t/op/taint.t Title: "Fix autoviv bug in C<my $x; ++$x->{KEY}>" From: Chip Salzenberg Files: pp_hot.c Title: "Re: 5.004's new srand() default seed" From: Hallvard B Furuseth Msg-ID: <199703302219.AAA20998@bombur2.uio.no> Date: Mon, 31 Mar 1997 00:19:13 +0200 (MET DST) Files: pp.c (applied based on p5p patch as commit id d7d933a26349f945f93b2f0dbf85b773d8ca3219) Title: "Re: embedded perl and top_env problem " From: Gurusamy Sarathy Msg-ID: <199703280031.TAA05711@aatma.engin.umich.edu> Date: Thu, 27 Mar 1997 19:31:42 -0500 Files: gv.c interp.sym perl.c perl.h pp_ctl.c pp_sys.c scope.h util.c (applied based on p5p patch as commit id f289f7d2518e7a8a82114282e774adf50fa6ce85) Title: "Define and use new macro: boolSV()" From: Tim Bunce Files: gv.c lib/ExtUtils/typemap os2/os2.c pp.c pp_hot.c pp_sys.c sv.c sv.h universal.c vms/vms.c Title: "Re: strict @F" From: Hallvard B Furuseth Msg-ID: <199703252110.WAA16038@bombur2.uio.no> Date: Tue, 25 Mar 1997 22:10:33 +0100 (MET) Files: toke.c (applied based on p5p patch as commit id dfd44a5c8c8dd4c001c595debfe73d011a96d844) Title: "Try harder to identify errors at EOF" From: Chip Salzenberg Files: toke.c Title: "Minor string change in toke.c: 'bareword'" From: lvirden@cas.org Msg-ID: <1997Mar27.130247.1911552@hmivax.humgen.upenn.edu> Date: Thu, 27 Mar 1997 13:02:46 -0500 (EST) Files: toke.c (applied based on p5p patch as commit id 9b56c8f8085a9e773ad87c6b3c1d0b5e39dbc348) Title: "Improve diagnostic on \r in program text" From: Chip Salzenberg Files: pod/perldiag.pod toke.c Title: "Make Sock_size_t typedef work right" From: Chip Salzenberg Files: perl.h pp_sys.c LIBRARY AND EXTENSIONS Title: "New module constant.pm" From: Tom Phoenix Files: MANIFEST lib/constant.pm op.c pp.c t/pragma/constant.t Title: "Remove chat2" From: Chip Salzenberg Files: MANIFEST lib/chat2.inter lib/chat2.pl Title: "Include CGI.pm 2.32" From: Chip Salzenberg Files: MANIFEST eg/cgi/* lib/CGI.pm lib/CGI/Apache.pm lib/CGI/Carp.pm lib/CGI/Fast.pm lib/CGI/Push.pm lib/CGI/Switch.pm UTILITIES Title: "Tom C's Pod::Html and html tools, as of 30 March 97" From: Chip Salzenberg Files: MANIFEST installhtml lib/Pod/Html.pm pod/pod2html.PL Title: "Fix path bugs in installhtml" From: Robin Barker <rmb1@cise.npl.co.uk> Msg-ID: <3180.9703270906@tempest.cise.npl.co.uk> Date: Thu, 27 Mar 97 09:06:14 GMT Files: installhtml Title: "Make perlbug say that it's only for core Perl bugs" From: Chip Salzenberg Files: utils/perlbug.PL DOCUMENTATION Title: "Document autouse and constant; update diagnostics" From: Chip Salzenberg Files: pod/perldelta.pod Title: "Suggest to upgraders that they try '-w' again" From: Hallvard B Furuseth Msg-ID: <199703251901.UAA15982@bombur2.uio.no> Date: Tue, 25 Mar 1997 20:01:26 +0100 (MET) Files: pod/perldelta.pod (applied based on p5p patch as commit id 4176c059b9ba6b022e99c44270434a5c3e415b73) Title: "Improve and update documentation of constant subs" From: Tom Phoenix <rootbeer@teleport.com> Msg-ID: <Pine.GSO.3.96.970331122546.14185C-100000@kelly.teleport.com> Date: Mon, 31 Mar 1997 13:05:54 -0800 (PST) Files: pod/perlsub.pod Title: "Improve documentation of C<return>" From: Chip Salzenberg Files: pod/perlfunc.pod pod/perlsub.pod Title: "perlfunc.pod patch" From: Gisle Aas Msg-ID: <199703262159.WAA17531@furubotn.sn.no> Date: Wed, 26 Mar 1997 22:59:23 +0100 Files: pod/perlfunc.pod (applied based on p5p patch as commit id 35a731fcbcd7860eb497d6598f3f77b8746319c4) Title: "Use 'while (defined($x = <>)) {}', per <gnat@frii.com>" From: Chip Salzenberg Files: configpm lib/Term/Cap.pm perlsh pod/perlipc.pod pod/perlop.pod pod/perlsub.pod pod/perlsyn.pod pod/perltrap.pod pod/perlvar.pod win32/bin/search.bat Title: "Document and test C<%> behavior with negative operands" From: Chip Salzenberg Files: pod/perlop.pod t/op/arith.t Title: "Update docs on $]" From: Chip Salzenberg Files: pod/perlvar.pod Title: "perlvar.pod patch" From: Gisle Aas Msg-ID: <199703261254.NAA10237@bergen.sn.no> Date: Wed, 26 Mar 1997 13:54:00 +0100 Files: pod/perlvar.pod (applied based on p5p patch as commit id 0aa182cb0caa3829032904b9754807b1b7418509) Title: "Fix example of C<or> vs. C<||>" From: Chip Salzenberg Files: pod/perlsyn.pod Title: "Pod usage and spelling patch" From: Larry W. Virden Files: pod/*.pod Title: "Pod updates" From: "Cary D. Renzema" <caryr@mxim.com> Msg-ID: <199703262353.PAA01819@macs.mxim.com> Date: Wed, 26 Mar 1997 15:53:22 -0800 (PST) Files: pod/*.pod (applied based on p5p patch as commit id 5695b28edc67a3f45e8a0f25755d07afef3660ac)
Diffstat (limited to 'pod/perlsec.pod')
-rw-r--r--pod/perlsec.pod50
1 files changed, 25 insertions, 25 deletions
diff --git a/pod/perlsec.pod b/pod/perlsec.pod
index 0d72cf0ca6..e21f97f21f 100644
--- a/pod/perlsec.pod
+++ b/pod/perlsec.pod
@@ -6,10 +6,10 @@ perlsec - Perl security
Perl is designed to make it easy to program securely even when running
with extra privileges, like setuid or setgid programs. Unlike most
-command-line shells, which are based on multiple substitution passes on
+command line shells, which are based on multiple substitution passes on
each line of the script, Perl uses a more conventional evaluation scheme
with fewer hidden snags. Additionally, because the language has more
-built-in functionality, it can rely less upon external (and possibly
+builtin functionality, it can rely less upon external (and possibly
untrustworthy) programs to accomplish its purposes.
Perl automatically enables a set of special security checks, called I<taint
@@ -29,7 +29,7 @@ and it is these checks especially that contribute to making a setuid Perl
program more secure than the corresponding C program.
You may not use data derived from outside your program to affect something
-else outside your program--at least, not by accident. All command-line
+else outside your program--at least, not by accident. All command line
arguments, environment variables, locale information (see L<perllocale>),
and file input are marked as "tainted". Tainted data may not be used
directly or indirectly in any command that invokes a sub-shell, nor in any
@@ -57,7 +57,7 @@ For example:
$path = $ENV{'PATH'}; # $path now tainted
- $ENV{'PATH'} = '/bin:/usr/bin';
+ $ENV{'PATH'} = '/bin:/usr/bin';
$ENV{'IFS'} = '' if $ENV{'IFS'} ne '';
$path = $ENV{'PATH'}; # $path now NOT tainted
@@ -82,7 +82,7 @@ For example:
If you try to do something insecure, you will get a fatal error saying
something like "Insecure dependency" or "Insecure PATH". Note that you
can still write an insecure B<system> or B<exec>, but only by explicitly
-doing something like the last example above.
+doing something like the last example above.
=head2 Laundering and Detecting Tainted Data
@@ -91,9 +91,9 @@ trigger an "Insecure dependency" message, you can use the following
I<is_tainted()> function.
sub is_tainted {
- return ! eval {
- join('',@_), kill 0;
- 1;
+ return ! eval {
+ join('',@_), kill 0;
+ 1;
};
}
@@ -106,7 +106,7 @@ same expression, the whole expression is considered tainted.
But testing for taintedness gets you only so far. Sometimes you have just
to clear your data's taintedness. The only way to bypass the tainting
-mechanism is by referencing sub-patterns from a regular expression match.
+mechanism is by referencing subpatterns from a regular expression match.
Perl presumes that if you reference a substring using $1, $2, etc., that
you knew what you were doing when you wrote the pattern. That means using
a bit of thought--don't just blindly untaint anything, or you defeat the
@@ -119,7 +119,7 @@ Here's a test to make sure that the data contains nothing but "word"
characters (alphabetics, numerics, and underscores), a hyphen, an at sign,
or a dot.
- if ($data =~ /^([-\@\w.]+)$/) {
+ if ($data =~ /^([-\@\w.]+)$/) {
$data = $1; # $data now untainted
} else {
die "Bad data in $data"; # log this somewhere
@@ -146,12 +146,12 @@ block. See L<perllocale/SECURITY> for further discussion and examples.
When you make a script executable, in order to make it usable as a
command, the system will pass switches to perl from the script's #!
-line. Perl checks that any command-line switches given to a setuid
+line. Perl checks that any command line switches given to a setuid
(or setgid) script actually match the ones set on the #! line. Some
-UNIX and UNIX-like environments impose a one-switch limit on the #!
+Unix and Unix-like environments impose a one-switch limit on the #!
line, so you may need to use something like C<-wU> instead of C<-w -U>
-under such systems. (This issue should arise only in UNIX or
-UNIX-like environments that support #! and setuid or setgid scripts.)
+under such systems. (This issue should arise only in Unix or
+Unix-like environments that support #! and setuid or setgid scripts.)
=head2 Cleaning Up Your Path
@@ -164,7 +164,7 @@ it's generated because you never set your PATH environment variable, or
you didn't set it to something that was safe. Because Perl can't
guarantee that the executable in question isn't itself going to turn
around and execute some other program that is dependent on your PATH, it
-makes sure you set the PATH.
+makes sure you set the PATH.
It's also possible to get into trouble with other operations that don't
care whether they use tainted values. Make judicious use of the file
@@ -177,8 +177,8 @@ prevent stupid mistakes, not to remove the need for thought.
Perl does not call the shell to expand wild cards when you pass B<system>
and B<exec> explicit parameter lists instead of strings with possible shell
wildcards in them. Unfortunately, the B<open>, B<glob>, and
-back-tick functions provide no such alternate calling convention, so more
-subterfuge will be required.
+backtick functions provide no such alternate calling convention, so more
+subterfuge will be required.
Perl provides a reasonably safe way to open a file or pipe from a setuid
or setgid program: just create a child process with reduced privilege who
@@ -193,13 +193,13 @@ parent. Because the file or pipe was opened in the child while running
under less privilege than the parent, it's not apt to be tricked into
doing something it shouldn't.
-Here's a way to do back-ticks reasonably safely. Notice how the B<exec> is
+Here's a way to do backticks reasonably safely. Notice how the B<exec> is
not called with a string that the shell could expand. This is by far the
best way to call something that might be subjected to shell escapes: just
never call the shell at all. By the time we get to the B<exec>, tainting
is turned off, however, so be careful what you call and what you pass it.
- use English;
+ use English;
die unless defined $pid = open(KID, "-|");
if ($pid) { # parent
while (<KID>) {
@@ -247,7 +247,7 @@ Alternately, it can simply ignore the setuid bit on scripts. If the
latter is true, Perl can emulate the setuid and setgid mechanism when it
notices the otherwise useless setuid/gid bits on Perl scripts. It does
this via a special executable called B<suidperl> that is automatically
-invoked for you if it's needed.
+invoked for you if it's needed.
However, if the kernel setuid script feature isn't disabled, Perl will
complain loudly that your setuid script is insecure. You'll need to
@@ -258,14 +258,14 @@ kernel bug that plagues setuid scripts. Here's a simple wrapper, written
in C:
#define REAL_PATH "/path/to/script"
- main(ac, av)
+ main(ac, av)
char **av;
{
execv(REAL_PATH, av);
- }
+ }
-Compile this wrapper into a binary executable and then make I<it> rather
-than your script setuid or setgid.
+Compile this wrapper into a binary executable and then make I<it> rather
+than your script setuid or setgid.
See the program B<wrapsuid> in the F<eg> directory of your Perl
distribution for a convenient way to do this automatically for all your
@@ -308,7 +308,7 @@ instead of fixing them, is little security indeed.
You can try using encryption via source filters (Filter::* from CPAN).
But crackers might be able to decrypt it. You can try using the
-byte-code compiler and interpreter described below, but crackers might
+byte code compiler and interpreter described below, but crackers might
be able to de-compile it. You can try using the native-code compiler
described below, but crackers might be able to disassemble it. These
pose varying degrees of difficulty to people wanting to get at your