From 5f05dabc4054964aa3b10f44f8468547f051cdf8 Mon Sep 17 00:00:00 2001 From: Perl 5 Porters Date: Thu, 19 Dec 1996 16:44:00 +1200 Subject: [inseparable changes from patch from perl5.003_11 to perl5.003_12] CORE LANGUAGE CHANGES Subject: Support C From: Chip Salzenberg Files: op.c op.h opcode.pl pod/perldiag.pod pod/perlfunc.pod pp.c t/op/delete.t Subject: Autovivify scalars From: Chip Salzenberg Files: dump.c op.c op.h pp.c pp_hot.c DOCUMENTATION Subject: Update pods: perldelta -> perlnews, perli18n -> perllocale From: Tom Christiansen Files: MANIFEST pod/perl.pod pod/perldelta.pod pod/perli18n.pod pod/perlnews.pod Subject: perltoot.pod Date: Mon, 09 Dec 1996 07:44:10 -0700 From: Tom Christiansen Files: MANIFEST pod/perltoot.pod Msg-ID: <199612091444.HAA09947@toy.perl.com> (applied based on p5p patch as commit 32e22efaa9ec59b73a208b6c532a0b435e2c6462) Subject: Perlguts, version 25 Date: Fri, 6 Dec 96 11:40:27 PST From: Jeff Okamoto Files: pod/perlguts.pod private-msgid: <199612061940.AA055461228@hpcc123.corp.hp.com> Subject: pod patches for English errors Date: Mon, 09 Dec 1996 13:33:11 -0800 From: Steve Kelem Files: pod/*.pod Msg-ID: <24616.850167191@castor> (applied based on p5p patch as commit 0135f10892ed8a21c4dbd1fca21fbcc365df99dd) Subject: Misc doc updates Date: Sat, 14 Dec 1996 18:56:33 -0700 From: Tom Christiansen Files: pod/* Subject: Re: perldelta.pod Here are some diffs to the _11 pods. I forgot to add perldelta to perl.pod though. And *PLEASE* fix the Artistic License so it no longer has the bogus "whomever" misdeclined in the nominative case: under the copyright of this Package, but belong to whomever generated them, and may be sold commercially, and may be aggregated with this It should obviously be "whoever". p5p-msgid: <199612150156.SAA12506@mox.perl.com> OTHER CORE CHANGES Subject: Allow assignment to empty array values during foreach() From: Chip Salzenberg Files: cop.h global.sym mg.c op.c perl.h pp_hot.c proto.h sv.c Subject: Fix nested closures From: Chip Salzenberg Files: op.c opcode.pl pp.c pp_ctl.c pp_hot.c Subject: Fix core dump on auto-vivification From: Chip Salzenberg Files: pp_hot.c Subject: Fix core dump on C From: Chip Salzenberg Files: pp_sys.c Subject: Fix -T/-B on globs and globrefs From: Chip Salzenberg Files: pp_sys.c Subject: Fix memory management of $`, $&, and $' From: Chip Salzenberg Files: pp_hot.c regexec.c Subject: Fix paren matching during backtracking From: Chip Salzenberg Files: regexec.c Subject: Fix memory leak and std{in,out,err} death in perl_{con,de}str From: Chip Salzenberg Files: miniperlmain.c perl.c perl.h sv.c Subject: Discard garbage bytes at end of prototype() From: Chip Salzenberg Files: pp.c Subject: Fix local($pack::{foo}) From: Chip Salzenberg Files: global.sym pp.c pp_hot.c proto.h scope.c Subject: Disable warn, die, and parse hooks _before_ global destruction From: Chip Salzenberg Files: perl.c Subject: Re: Bug in formline Date: Sun, 08 Dec 1996 14:58:32 -0500 From: Gurusamy Sarathy Files: pp_ctl.c Msg-ID: <199612081958.OAA26025@aatma.engin.umich.edu> (applied based on p5p patch as commit b386bda18108ba86d0b76ebe2d8745eafa80f39e) Subject: Fix C<@a = ($a,$b,$c,$d) = (1,2)> From: Chip Salzenberg Files: pp_hot.c Subject: Properly support and document newRV{,_inc,_noinc} From: Chip Salzenberg Files: global.sym pod/perlguts.pod sv.c sv.h Subject: Allow lvalue pos inside recursive function From: Chip Salzenberg Files: op.c pp.c pp_ctl.c pp_hot.c PORTABILITY Subject: Make $privlib contents compatible with 5.003 From: Chip Salzenberg Files: INSTALL ext/Opcode/Safe.pm installperl lib/FileHandle.pm lib/Test/Harness.pm Subject: Support $bincompat3 config variable; update metaconfig units From: Chip Salzenberg Files: Configure MANIFEST compat3.sym config_h.SH embed.pl global.sym old_embed.pl old_global.sym old_perl_exp.SH perl_exp.SH Subject: Look for gettimeofday() in Configure Date: Wed, 11 Dec 1996 15:49:57 +0100 From: John Hughes Files: Configure config_H config_h.SH pp.c Subject: perl5.003_11, Should base use of gettimeofday on HAS_GETTIMEOFDAY, not I_SYS_TIME I've been installing perl5.003_11 on a SCO system that has the TCP/IP runtime installed but not the TCP/IP development system. Unfortunately the include file is included in the TCP/IP runtime while libsocket.a is in the development system. This means that pp.c decides to use "gettimeofday" because is present but I can't link the perl that gets compiled. So, here's a patch to base the use of "gettimeofday" on "HAS_GETTIMEOFDAY" instead of "I_SYS_TIME". I also took the liberty of removing the special case for plan9 (I assume plan9 has but no gettimeofday. Am I right?). p5p-msgid: <01BBE77A.F6F37F80@malvinas.AtlanTech.COM> Subject: Make $startperl a relative path if people want portable scrip From: Chip Salzenberg Files: Configure Subject: Homogenize use of "eval exec" hack From: Chip Salzenberg Files: Porting/Glossary eg/README eg/nih eg/sysvipc/ipcmsg eg/sysvipc/ipcsem eg/sysvipc/ipcshm lib/diagnostics.pm makeaperl.SH pod/checkpods.PL pod/perlrun.pod pod/pod2html.PL pod/pod2latex.PL pod/pod2man.PL pod/pod2text.PL utils/c2ph.PL utils/h2ph.PL utils/h2xs.PL utils/perlbug.PL utils/perldoc.PL utils/pl2pm.PL x2p/a2py.c x2p/find2perl.PL x2p/s2p.PL Subject: LynxOS support Date: Thu, 12 Dec 1996 09:25:00 PST From: Greg Seibert Files: Configure MANIFEST hints/lynxos.sh t/op/stat.t Msg-ID: (applied based on p5p patch as commit 6693373533b15e559fd8f0f1877e5e6ec15483cc) Subject: Re: db-recno.t failures with _11 on Freebsd 2.1-stable Date: 11 Dec 1996 18:58:56 -0500 From: Roderick Schertler Files: INSTALL hints/freebsd.sh Msg-ID: (applied based on p5p patch as commit 10e40321ee752c58e3407b204c74c8049894cb51) Subject: VMS patches to 5.003_11 Date: Mon, 09 Dec 1996 23:16:10 -0500 (EST) From: Charles Bailey Files: MANIFEST regexec.c t/lib/filehand.t util.c vms/* private-msgid: <01ICTR32LCZG001A1D@hmivax.humgen.upenn.edu> TESTING Subject: recurse recurse recurse ... Date: Mon, 9 Dec 1996 23:44:27 +0200 (EET) From: Jarkko Hietaniemi Files: MANIFEST t/op/recurse.t private-msgid: <199612092144.XAA29025@alpha.hut.fi> UTILITIES, LIBRARY, AND EXTENSIONS Subject: Add CPAN and Net::FTP From: Chip Salzenberg Files: MANIFEST lib/CPAN.pm lib/CPAN/FirstTime.pm lib/CPAN/Nox.pm lib/Net/FTP.pm lib/Net/Netrc.pm lib/Net/Socket.pm pod/perlmod.pod Subject: Add File::Compare Date: Mon, 16 Dec 1996 18:44:59 GMT From: Nick Ing-Simmons Files: MANIFEST lib/File/Compare.pm pod/perlmod.pod Msg-ID: <199612161844.SAA02152@pluto> (applied based on p5p patch as commit ec971c5c328aca84fb827f69f2cc1dc3be81f830) Subject: Add Tie::RefHash Date: Sun, 15 Dec 1996 18:58:08 -0500 From: Gurusamy Sarathy Files: MANIFEST lib/Tie/RefHash.pm pod/perlmod.pod Msg-ID: <199612152358.SAA28665@aatma.engin.umich.edu> (applied based on p5p patch as commit 9a079709134ebbf4c935cc8752fdb564e5c82b94) Subject: Put "splain" in utils. From: Chip Salzenberg Files: Makefile.SH installperl utils/Makefile utils/splain.PL Subject: Some h2ph fixes Date: Fri, 13 Dec 1996 11:34:12 -0800 From: Jeff Okamoto Files: utils/h2ph.PL Here is a message regarding changes to h2ph that should probably be folded into the 5.004 release. p5p-msgid: <199612131934.AA289845652@hpcc123.corp.hp.com> --- pod/perlsec.pod | 17 ++++++++--------- 1 file changed, 8 insertions(+), 9 deletions(-) (limited to 'pod/perlsec.pod') diff --git a/pod/perlsec.pod b/pod/perlsec.pod index facddedfbf..2b6972701f 100644 --- a/pod/perlsec.pod +++ b/pod/perlsec.pod @@ -1,4 +1,3 @@ - =head1 NAME perlsec - Perl security @@ -17,7 +16,7 @@ Perl automatically enables a set of special security checks, called I, when it detects its program running with differing real and effective user or group IDs. The setuid bit in Unix permissions is mode 04000, the setgid bit mode 02000; either or both may be set. You can also enable taint -mode explicitly by using the the B<-T> command line flag. This flag is +mode explicitly by using the B<-T> command line flag. This flag is I suggested for server programs and any program run on behalf of someone else, such as a CGI script. @@ -33,7 +32,7 @@ You may not use data derived from outside your program to affect something else outside your program--at least, not by accident. All command-line arguments, environment variables, and file input are marked as "tainted". Tainted data may not be used directly or indirectly in any command that -invokes a subshell, nor in any command that modifies files, directories, +invokes a sub-shell, nor in any command that modifies files, directories, or processes. Any variable set within an expression that has previously referenced a tainted value itself becomes tainted, even if it is logically impossible for the tainted value to influence the variable. Because @@ -102,9 +101,9 @@ taintedness. Instead, the slightly more efficient and conservative approach is used that if any tainted value has been accessed within the same expression, the whole expression is considered tainted. -But testing for taintedness only gets you so far. Sometimes you just have +But testing for taintedness gets you only so far. Sometimes you have just to clear your data's taintedness. The only way to bypass the tainting -mechanism is by referencing subpatterns from a regular expression match. +mechanism is by referencing sub-patterns from a regular expression match. Perl presumes that if you reference a substring using $1, $2, etc., that you knew what you were doing when you wrote the pattern. That means using a bit of thought--don't just blindly untaint anything, or you defeat the @@ -123,7 +122,7 @@ or a dot. die "Bad data in $data"; # log this somewhere } -This is fairly secure since C doesn't normally match shell +This is fairly secure because C doesn't normally match shell metacharacters, nor are dot, dash, or at going to mean something special to the shell. Use of C would have been insecure in theory because it lets everything through, but Perl doesn't check for that. The lesson @@ -156,7 +155,7 @@ prevent stupid mistakes, not to remove the need for thought. Perl does not call the shell to expand wild cards when you pass B and B explicit parameter lists instead of strings with possible shell wildcards in them. Unfortunately, the B, B, and -backtick functions provide no such alternate calling convention, so more +back-tick functions provide no such alternate calling convention, so more subterfuge will be required. Perl provides a reasonably safe way to open a file or pipe from a setuid @@ -168,11 +167,11 @@ environment variables, umasks, current working directories, back to the originals or known safe values. Then the child process, which no longer has any special permissions, does the B or other system call. Finally, the child passes the data it managed to access back to the -parent. Since the file or pipe was opened in the child while running +parent. Because the file or pipe was opened in the child while running under less privilege than the parent, it's not apt to be tricked into doing something it shouldn't. -Here's a way to do backticks reasonably safely. Notice how the B is +Here's a way to do back-ticks reasonably safely. Notice how the B is not called with a string that the shell could expand. This is by far the best way to call something that might be subjected to shell escapes: just never call the shell at all. By the time we get to the B, tainting -- cgit v1.2.1