cjosta@taux01.UUCP (Jonathan Sweedler) (11/21/88)
I tried to apply patches 16 and 17 to perl but had a problem compiling
perly.c. In line 526 it says that origargv is undefined. I am not
running with the setuid-fixup-thingamabob working. When I re-run
Configure and tell it that I want to do the special setuid checking,
then perly.c (and everything else) compiles ok.
origargv is defined in perly.c but only if the DOSUID pre-processor
flag is set. In line 511 there is an #else pre-processor statement
that causes line 526 to be compiled when DOSUID is not set instead of
when DOSUID is set. It seems that line 526 should only be compiled
when DOSUID is set and not when DOSUID is not set. Can we have an
official patch for this, Larry? Thanks.
--
Jonathan Sweedler === National Semiconductor Israel
UUCP: ...!{amdahl,hplabs,decwrl}!nsc!taux01!cjosta
Domain: cjosta@taux01.nsc.comjv@mhres.mh.nl (Johan Vromans) (11/22/88)
From article <935@taux01.UUCP>, by cjosta@taux01.UUCP (Jonathan Sweedler): > I tried to apply patches 16 and 17 to perl but had a problem compiling > perly.c. In line 526 it says that origargv is undefined. [...] > Can we have an > official patch for this, Larry? Thanks. I ran into the same problems, so I second this. If I may express my humble opinion (although I consider Larry to be a real software engineering guru): patches 16/17 have introduced new functionality to perl, namely 'tainting', '$]' and 'getc'. Does this not deserve incrementing the perl version number to 2.1 instead of just the patchlevel? When looking for other changes, I compared the new manual page with an older one. Then I found out that the perl version number (including current patchlevel) does not appear in the (printed) documentation. Shouldn't it be included somewhere? BTW: currently perl identifies itself with: $Header: perly.c,v 2.0.1.9 88/11/19 00:14:36 lwall Locked $ Patch level: 17 which occurs to me a bit cryptic. -- Johan
greim@sbsvax.UUCP (Michael Greim) (11/23/88)
In article <935@taux01.UUCP>, cjosta@taux01.UUCP (Jonathan Sweedler) writes: > I tried to apply patches 16 and 17 to perl but had a problem compiling > perly.c. In line 526 it says that origargv is undefined. I am not > running with the setuid-fixup-thingamabob working. When I re-run > Configure and tell it that I want to do the special setuid checking, > then perly.c (and everything else) compiles ok. > > origargv is defined in perly.c but only if the DOSUID pre-processor > flag is set. In line 511 there is an #else pre-processor statement > that causes line 526 to be compiled when DOSUID is not set instead of > when DOSUID is set. It seems that line 526 should only be compiled > when DOSUID is set and not when DOSUID is not set. Can we have an > official patch for this, Larry? Thanks. We fixed it by defining origargs in any case. Just move the 'ifdef' from above it to behind it. We came to the following conclusions: - the use of origargv is only active if !DOSUID and !TAINT, which means the program is running as normal perl. - the test above seems to be whether this particular program (normal perl) is running setuid. Someone might just set the s-bit. - if it runs setuid, then it refuses to read the script, but rather calls taintperl, which is equipped to check on such scripts. (Remember : there is no suidperl) As it has to pass its original arguments to taintperl, but argv has been destroyed already, we think it makes sense to define origargv to hold them. -mg -- email : greim@sbsvax.informatik.uni-saarland.dbp.de (some mailers might not like this. Then use greim@sbsvax.uucp) or : ...!uunet!unido!sbsvax!greim # include <disclaimers/std.h>