wyle@inf.ethz.ch (Mitchell Wyle) (03/28/90)
In article <1400@yarra-glen.aaii.oz.au> pem@yarra-glen.aaii.oz.au (Paul E. Maisano) writes:
: I've narrowed it down to the following weirdness -- it looks like it has
: something to do with uninitialized array elements but I don't understand
: why having the effective group id different from the real gid triggers it.
:
...
:
: Making the real group id the same as the effective gid fixes it, whether by
: not making the wrapper setgid or by adding "setrgid(getegid());" before
: the call to execv().
:
: The work around is obvious; just make sure you have no uninitialized
: array elements.
:
: If this is a weird bug with uninitialized array elements I can't wait
: to hear why the effective group id has something to do with it.
Because if the effective and real group id are the same, perl doesn't call
taintperl to interpret the script. The bug arises in some code that is
trying to propagate "taintedness", so if you don't run taintperl, you
don't exercise it.
: BTW, How do you disable setuid shell scripts in the kernel? The perl manual
: seems to imply that it is a straightforward thing to do.
It is if you have the sources. Or if Sun would get off their corporate
duff and insert two lines of code depending on an adb-able variable. But
they won't unless a lot of people make some noise. We don't weigh enough,
apparently. Anyway, I just got the usual sunaround, er, I mean,
runaround.
ARE YOU LISTENING, SUN?
Now, it turns out to be a simple binary patch on a Vax, because you can
just change a branch. But on a Sun, you'd have to insert some code, and
I've never developed the patch.
If you have the sources, the patch was sent out by Berkeley long ago, and
you can find it in one of their official patch repositories. Sun claims
the patch was not "mandatory".