diff options
| author | Ævar Arnfjörð Bjarmason <avar@cpan.org> | 2012-02-12 18:56:35 +0000 |
|---|---|---|
| committer | Ævar Arnfjörð Bjarmason <avar@cpan.org> | 2012-02-18 23:39:38 +0000 |
| commit | 985213f2fede57896814a0d7f5d12b04cc05be5b (patch) | |
| tree | dba5979a55b4d6a426815d208821d5a0fdf6fa06 /taint.c | |
| parent | f0bcc49ad675e0a60f19580435d94bbee904084d (diff) | |
| download | perl-985213f2fede57896814a0d7f5d12b04cc05be5b.tar.gz | |
Remove gete?[ug]id caching
Currently we cache the UID/GID and effective UID/GID similarly to how
we used to cache getpid() before v5.14.0-251-g0e21945. Remove this
magical behavior in favor of always calling getpid(), getgid()
etc. This resolves RT #96208.
A minimal testcase for this is the following by Leon Timmermans
attached to RT #96208:
eval { require 'syscall.ph'; 1 } or eval { require 'sys/syscall.ph'; 1 } or die $@;
if (syscall(&SYS_setuid, $ARGV[0] + 0 || 1000) >= 0 or die "$!") {
printf "\$< = %d, getuid = %d\n", $<, syscall(&SYS_getuid);
}
I.e. if we call the sete?[ug]id() functions unbeknownst to perl the
$<, $>, $( and $) variables won't be updated. This results in the same
sort of issues we had with $$ before v5.14.0-251-g0e21945, and
getppid() before my v5.15.7-407-gd7c042c patch.
I'm completely eliminating the PL_egid, PL_euid, PL_gid and PL_uid
variables as part of this patch, this will break some CPAN modules,
but it'll be really easy before the v5.16.0 final to reinstate
them. I'd like to remove them to see what breaks, and how easy it is
to fix it.
These variables are not part of the public API, and the modules using
them could either use the Perl_gete?[ug]id() functions or are working
around the bug I'm fixing with this commit.
The new PL_delaymagic_(egid|euid|gid|uid) variables I'm adding are
*only* intended to be used internally in the interpreter to facilitate
the delaymagic in Perl_pp_sassign. There's probably some way not to
export these to programs that embed perl, but I haven't found out how
to do that.
Diffstat (limited to 'taint.c')
| -rw-r--r-- | taint.c | 12 |
1 files changed, 6 insertions, 6 deletions
@@ -33,8 +33,8 @@ Perl_taint_proper(pTHX_ const char *f, const char *const s) # if Uid_t_size == 1 { - const UV uid = PL_uid; - const UV euid = PL_euid; + const UV uid = PerlProc_getuid(); + const UV euid = PerlProc_geteuid(); DEBUG_u(PerlIO_printf(Perl_debug_log, "%s %d %"UVuf" %"UVuf"\n", @@ -42,8 +42,8 @@ Perl_taint_proper(pTHX_ const char *f, const char *const s) } # else { - const IV uid = PL_uid; - const IV euid = PL_euid; + const IV uid = PerlProc_getuid(); + const IV euid = PerlProc_geteuid(); DEBUG_u(PerlIO_printf(Perl_debug_log, "%s %d %"IVdf" %"IVdf"\n", @@ -57,9 +57,9 @@ Perl_taint_proper(pTHX_ const char *f, const char *const s) if (!f) f = PL_no_security; - if (PL_euid != PL_uid) + if (PerlProc_getuid() != PerlProc_geteuid()) ug = " while running setuid"; - else if (PL_egid != PL_gid) + else if (PerlProc_getgid() != PerlProc_getegid()) ug = " while running setgid"; else if (PL_taint_warn) ug = " while running with -t switch"; |