diff options
| author | Todd C. Miller <millert@cvs.openbsd.org> | 2000-08-08 15:51:11 +0000 |
|---|---|---|
| committer | Todd C. Miller <millert@cvs.openbsd.org> | 2000-08-08 15:51:11 +0000 |
| commit | 915b9e2064dee73178cb678e9bd533b7e8ddd188 (patch) | |
| tree | d43d4aeb650f1230bd22a56c326f122108bb1dfa /gnu | |
| parent | 15a5661e7eaf8c42b52e0fa8ae89c7b68d36bd5e (diff) | |
The official perl fix deletes the /bin/mail code entirely.
Diffstat (limited to 'gnu')
| -rw-r--r-- | gnu/usr.bin/perl/patchlevel.h | 3 | ||||
| -rw-r--r-- | gnu/usr.bin/perl/perl.c | 12 |
2 files changed, 2 insertions, 13 deletions
diff --git a/gnu/usr.bin/perl/patchlevel.h b/gnu/usr.bin/perl/patchlevel.h index f95db63f63c..645620d799b 100644 --- a/gnu/usr.bin/perl/patchlevel.h +++ b/gnu/usr.bin/perl/patchlevel.h @@ -69,7 +69,8 @@ */ #if !defined(PERL_PATCHLEVEL_H_IMPLICIT) && !defined(LOCAL_PATCH_COUNT) static char *local_patches[] = { - NULL + NULL + ,"SUIDMAIL - fixes for suidperl security" ,NULL }; diff --git a/gnu/usr.bin/perl/perl.c b/gnu/usr.bin/perl/perl.c index b7d68e8c4b7..0f82726bc9a 100644 --- a/gnu/usr.bin/perl/perl.c +++ b/gnu/usr.bin/perl/perl.c @@ -2758,18 +2758,6 @@ S_validate_suid(pTHX_ char *validarg, char *scriptname, int fdscript) if (tmpstatbuf.st_dev != PL_statbuf.st_dev || tmpstatbuf.st_ino != PL_statbuf.st_ino) { (void)PerlIO_close(PL_rsfp); -#ifdef DISGUSTINGLY_INSECURE - if (PL_rsfp = PerlProc_popen("/bin/mail root","w")) { /* heh, heh */ - PerlIO_printf(PL_rsfp, -"User %"Uid_t_f" tried to run dev %ld ino %ld in place of dev %ld ino %ld!\n\ -(Filename of set-id script was %s, uid %"Uid_t_f" gid %"Gid_t_f".)\n\nSincerely,\nperl\n", - PL_uid,(long)tmpstatbuf.st_dev, (long)tmpstatbuf.st_ino, - (long)PL_statbuf.st_dev, (long)PL_statbuf.st_ino, - CopFILE(PL_curcop), - PL_statbuf.st_uid, PL_statbuf.st_gid); - (void)PerlProc_pclose(PL_rsfp); - } -#endif Perl_croak(aTHX_ "Permission denied\n"); } if ( |