summaryrefslogtreecommitdiff
path: root/taint.c
Commit message (Collapse)AuthorAgeFilesLines
* Stop making assumptions about uids and gids.Brian Fraser2013-06-041-14/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | The code dealt rather inconsistently with uids and gids. Some places assumed that they could be safely stored in UVs, others in IVs, others in ints; All of them should've been using the macros from config.h instead. Similarly, code that created SVs or pushed values into the stack was also making incorrect assumptions -- As a point of reference, only pp_stat did the right thing: #if Uid_t_size > IVSIZE mPUSHn(PL_statcache.st_uid); #else # if Uid_t_sign <= 0 mPUSHi(PL_statcache.st_uid); # else mPUSHu(PL_statcache.st_uid); # endif #endif The other places were potential bugs, and some were even causing warnings in some unusual OSs, like haiku or qnx. This commit ammends the situation by introducing four new macros, SvUID(), sv_setuid(), SvGID(), and sv_setgid(), and using them where needed.
* silence warnings under NO_TAINT_SUPPORTDavid Mitchell2013-05-091-0/+7
| | | | | The are lots of places where local vars aren't used when compiled with NO_TAINT_SUPPORT.
* Change core calls of isALNUM() to isWORDCHAR()Karl Williamson2012-12-311-2/+2
| | | | The latter is more clearly named to indicate it includes the underscore.
* Add C define to remove taint support from perlSteffen Mueller2012-11-051-11/+11
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | By defining NO_TAINT_SUPPORT, all the various checks that perl does for tainting become no-ops. It's not an entirely complete change: it doesn't attempt to remove the taint-related interpreter variables, but instead virtually eliminates access to it. Why, you ask? Because it appears to speed up perl's run-time significantly by avoiding various "are we running under taint" checks and the like. This change is not in a state to go into blead yet. The actual way I implemented it might raise some (valid) objections. Basically, I replaced all uses of the global taint variables (but not PL_taint_warn!) with an extra layer of get/set macros (TAINT_get/TAINTING_get). Furthermore, the change is not complete: - PL_taint_warn would likely deserve the same treatment. - Obviously, tests fail. We have tests for -t/-T - Right now, I added a Perl warn() on startup when -t/-T are detected but the perl was not compiled support it. It might be argued that it should be silently ignored! Needs some thinking. - Code quality concerns - needs review. - Configure support required. - Needs thinking: How does this tie in with CPAN XS modules that use PL_taint and friends? It's easy to backport the new macros via PPPort, but that doesn't magically change all code out there. Might be harmless, though, because whenever you're running under NO_TAINT_SUPPORT, any check of PL_taint/etc is going to come up false. Thus, the only CPAN code that SHOULD be adversely affected is code that changes taint state.
* update the editor hints for spaces, not tabsRicardo Signes2012-05-291-2/+2
| | | | | This updates the editor hints in our files for Emacs and vim to request that tabs be inserted as spaces.
* Remove gete?[ug]id cachingÆvar Arnfjörð Bjarmason2012-02-181-6/+6
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Currently we cache the UID/GID and effective UID/GID similarly to how we used to cache getpid() before v5.14.0-251-g0e21945. Remove this magical behavior in favor of always calling getpid(), getgid() etc. This resolves RT #96208. A minimal testcase for this is the following by Leon Timmermans attached to RT #96208: eval { require 'syscall.ph'; 1 } or eval { require 'sys/syscall.ph'; 1 } or die $@; if (syscall(&SYS_setuid, $ARGV[0] + 0 || 1000) >= 0 or die "$!") { printf "\$< = %d, getuid = %d\n", $<, syscall(&SYS_getuid); } I.e. if we call the sete?[ug]id() functions unbeknownst to perl the $<, $>, $( and $) variables won't be updated. This results in the same sort of issues we had with $$ before v5.14.0-251-g0e21945, and getppid() before my v5.15.7-407-gd7c042c patch. I'm completely eliminating the PL_egid, PL_euid, PL_gid and PL_uid variables as part of this patch, this will break some CPAN modules, but it'll be really easy before the v5.16.0 final to reinstate them. I'd like to remove them to see what breaks, and how easy it is to fix it. These variables are not part of the public API, and the modules using them could either use the Perl_gete?[ug]id() functions or are working around the bug I'm fixing with this commit. The new PL_delaymagic_(egid|euid|gid|uid) variables I'm adding are *only* intended to be used internally in the interpreter to facilitate the delaymagic in Perl_pp_sassign. There's probably some way not to export these to programs that embed perl, but I haven't found out how to do that.
* Convert some files from Latin-1 to UTF-8Keith Thompson2011-09-071-1/+1
|
* Add Perl_ck_warner_d(), which combines Perl_ckwarn_d() and Perl_warner().Nicholas Clark2009-10-121-2/+1
| | | | | Replace ckWARN_d{,2,3,4}() && Perl_warner() with it, which trades reduced code size for 1 more function call if warnings are not enabled.
* PATCH: Large omnibus patch to clean up the JRRT quotesTom Christiansen2008-11-021-3/+5
| | | | | | Message-ID: <25940.1225611819@chthon> Date: Sun, 02 Nov 2008 01:43:39 -0600 p4raw-id: //depot/perl@34698
* Eliminate (SV *) casts from sv.c and [tu]*.c, except for the cast inNicholas Clark2008-10-301-1/+1
| | | | | Perl_sv_magicext(), which is documented. p4raw-id: //depot/perl@34671
* Update copyright years.Nicholas Clark2008-10-251-1/+1
| | | p4raw-id: //depot/perl@34585
* assert() that every NN argument is not NULL. Otherwise we have theNicholas Clark2008-02-121-0/+3
| | | | | | | | | | | | ability to create landmines that will explode under someone in the future when they upgrade their compiler to one with better optimisation. We've already done this at least twice. (Yes, some of the assertions are after code that would already have SEGVd because it already deferences a pointer, but they are put in to make it easier to automate checking that each and every case is covered.) Add a tool, checkARGS_ASSERT.pl, to check that every case is covered. p4raw-id: //depot/perl@33291
* taint.c: constingSteven Schubiger2008-02-031-1/+1
| | | | | | Message-ID: <20080129124723.GA13056@refcnt.homeunix.org> Date: Tue, 29 Jan 2008 13:47:23 +0100 p4raw-id: //depot/perl@33228
* Fix up copyright years for files modified in 2007.Nicholas Clark2007-11-071-2/+2
| | | p4raw-id: //depot/perl@32237
* Turn taint warnings (-t) into severe warnings, so they'reRafael Garcia-Suarez2007-01-081-1/+1
| | | | | | on by default, without having to play games with the warning bits. Add a test for -t. p4raw-id: //depot/perl@29717
* Check for taintedness of PERL5SHELL on WindowsRafael Garcia-Suarez2006-07-161-0/+3
| | | | | (bug #39832) p4raw-id: //depot/perl@28591
* Update copyright years (including some years where we made changes butNicholas Clark2006-01-081-1/+1
| | | | | did not update) p4raw-id: //depot/perl@26732
* hv_fetchs() supportAndy Lester2006-01-061-2/+2
| | | | | Message-ID: <20060106155719.GB9035@petdance.com> p4raw-id: //depot/perl@26676
* sprinkle dVARJarkko Hietaniemi2006-01-061-0/+2
| | | | | Message-ID: <43BE7C4D.1010302@gmail.com> p4raw-id: //depot/perl@26675
* More consting, and putting stuff in embed.fncAndy Lester2005-12-061-1/+1
| | | | | Message-ID: <20051205194613.GB7791@petdance.com> p4raw-id: //depot/perl@26281
* Use the return value from sprintf().Nicholas Clark2005-11-041-2/+3
| | | p4raw-id: //depot/perl@26001
* Pre-YAPC consting funAndy Lester2005-06-231-11/+11
| | | | | Message-ID: <20050623190423.GA13835@petdance.com> p4raw-id: //depot/perl@24965
* More SvPV consting. And other related drive-by refactoring.Nicholas Clark2005-06-101-1/+1
| | | p4raw-id: //depot/perl@24800
* Nuke some more n_a, and convert S_gv_ename from char * to const char *Nicholas Clark2005-06-081-3/+3
| | | p4raw-id: //depot/perl@24760
* Include vim/emacs modelines in generated files to open themRafael Garcia-Suarez2005-05-111-2/+2
| | | | | | in read-only mode. Make vi modelines compatible with non-vim vi versions. p4raw-id: //depot/perl@24445
* Add editor boilerplates to all C filesRafael Garcia-Suarez2005-05-101-0/+10
| | | | | (except the generated ones) p4raw-id: //depot/perl@24440
* Symbian port of PerlJarkko Hietaniemi2005-04-211-2/+2
| | | | | Message-ID: <B356D8F434D20B40A8CEDAEC305A1F2453D653@esebe105.NOE.Nokia.com> p4raw-id: //depot/perl@24271
* Consting part 4Andy Lester2005-03-251-2/+2
| | | | | Message-ID: <20050325204331.GA16388@petdance.com> p4raw-id: //depot/perl@24079
* Third consting batchAndy Lester2005-03-241-4/+4
| | | | | Message-Id: <2f14220e7101a03f7659dbe79a03b115@petdance.com> p4raw-id: //depot/perl@24074
* Add comment to the top of most .c files explaining their purposeDave Mitchell2004-07-311-0/+3
| | | p4raw-id: //depot/perl@23176
* Add a new taint error, "%ENV is aliased to %s".Rafael Garcia-Suarez2003-10-271-8/+20
| | | | | | | This error is thrown when taint checks are enabled and when *ENV has been aliased, so that %ENV has no env-magic anymore. (see bug [perl #24291].) p4raw-id: //depot/perl@21563
* When %ENV has been turned into a non-magical hash after aRafael Garcia-Suarez2003-10-261-3/+8
| | | | | | | glob assignment, TAINT_ENV() may dump core because it assumes $ENV{PATH} is magical. Fix this ; add a test to verify that the PATH is still checked for taintedness. p4raw-id: //depot/perl@21542
* Fix up Larry's copyright statements to my best knowledge.Jarkko Hietaniemi2003-04-161-1/+2
| | | | | | | (Lots of Perl 5 source code archaeology was involved.) Larry didn't make strangled noises when I showed him the patch, either :-) p4raw-id: //depot/perl@19242
* Reverse copyright update (#18801) for files not changed in 2003.Hugo van der Sanden2003-03-021-1/+1
| | | p4raw-id: //depot/perl@18807
* Update all copyrights to 2003, from JarkkoHugo van der Sanden2003-03-021-1/+1
| | | p4raw-id: //depot/perl@18801
* Change the set of characters that are considered to beRafael Garcia-Suarez2002-12-081-1/+1
| | | | | safe in $ENV{TERM} for taint checkings. p4raw-id: //depot/perl@18261
* more warnings tidyupPaul Marquess2002-03-111-1/+1
| | | | | | From: "Paul Marquess" <paul_marquess@yahoo.co.uk> Message-ID: <AIEAJICLCBDNAAOLLOKLMEEGDPAA.paul_marquess@yahoo.co.uk> p4raw-id: //depot/perl@15155
* Sprinkle some copyrights (use the oldest timestamp toJarkko Hietaniemi2002-01-241-0/+9
| | | | | | be found in the repository, which is most often not right, but at least consistent) p4raw-id: //depot/perl@14400
* Promote the e/uid to wide enough un/signed integersJarkko Hietaniemi2001-12-241-3/+20
| | | | | and printf them as such. p4raw-id: //depot/perl@13871
* -t taint warningsMichael G. Schwern2001-12-141-5/+10
| | | | | | | | | Message-ID: <20011214002707.GA10532@blackrider> (reword the perlrun -t description a bit, and move the Itaint_warn to the bottom of the intrpvar.h for binary compatibility) p4raw-id: //depot/perl@13684
* Fixes for casting problems detected on a SuSE 7.2 Itanium,Jarkko Hietaniemi2001-12-121-1/+1
| | | | | | mostly gcc -Wall complaining about the argument of %p not being a void *. p4raw-id: //depot/perl@13659
* Silence some more warnings INT2PTR.Artur Bergman2001-09-101-1/+1
| | | p4raw-id: //depot/perl@11972
* [LARGE!] symbolic magicDave Mitchell2001-05-201-2/+2
| | | | | Message-Id: <200105191912.UAA23925@gizmo.fdgroup.co.uk> p4raw-id: //depot/perl@10168
* dTHR is a nop in 5.6.0 onwards. Ergo, it can go.Jarkko Hietaniemi2000-12-051-7/+0
| | | p4raw-id: //depot/perl@7984
* VMS patches from Peter Prymmer.Jarkko Hietaniemi1999-11-211-0/+2
| | | p4raw-id: //depot/cfgperl@4595
* Fix printing of uids and gids; regen Configure.Jarkko Hietaniemi1999-10-281-6/+1
| | | p4raw-id: //depot/cfgperl@4480
* warnings and const violations identified by compiling in C++ modeGurusamy Sarathy1999-10-261-1/+1
| | | | | with GCC v2.95 p4raw-id: //depot/perl@4461
* Untangle the IV_IS_QUAD jungle by introdudingJarkko Hietaniemi1999-10-021-3/+3
| | | | | | macros to be used when doing formatted printing: IVdf, UVuf, UVxf, UVof. Also introduce Uid_t_SIGN. p4raw-id: //depot/cfgperl@4288
* Band-aid until we've got %{Uid_t} or something similarJarkko Hietaniemi1999-09-071-1/+6
| | | | | for sv_catpvfn(). p4raw-id: //depot/cfgperl@4098
* more complete support for implicit thread/interpreter pointer,Gurusamy Sarathy1999-06-091-2/+2
| | | | | | | | | | | | | | | | | | | | | enabled via -DPERL_IMPLICIT_CONTEXT (all changes are noops without that enabled): - USE_THREADS now enables PERL_IMPLICIT_CONTEXT, so dTHR is a noop; tests pass on Solaris; should be faster now! - MULTIPLICITY has been tested with and without PERL_IMPLICIT_CONTEXT on Solaris - improved function database now merged with embed.pl - everything except the varargs functions have foo(a,b,c) macros to provide compatibility - varargs functions default to compatibility variants that get the context pointer using dTHX - there should be almost no source compatibility issues as a result of all this - dl_foo.xs changes other than dl_dlopen.xs untested - still needs documentation, fixups for win32 etc Next step: migrate most non-mutex variables from perlvars.h to intrpvar.h p4raw-id: //depot/perl@3524