From 5efb26dc9983031d8ff6f6412feb39224b5eb235 Mon Sep 17 00:00:00 2001 From: roberto Date: Tue, 13 May 1997 16:12:55 +0000 Subject: This is the Perl5 equivalent of the MNT_NOSUID patch that was put into /usr/bin/perl a while ago. It works with 5.003 and 5.004-tobe. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit I can't test it on freefall (I don't have a setuid script to play with) but it works at home. I'll test on thud later. Every setuid script found on a partition mounted "nosuid" will not be executed and "Permission Denied" will be displayed. It won't be in soo-to-be-released 5.004 because it is not a FreeBSD speciific problem but it will be dealt with in 5.004_01 (maintenance release). Obtained from: Jörg's patch (edited for Perl5 by me). --- lang/perl5.10/files/patch-ae | 42 ++++++++++++++++++++++++++++++++++++++++++ lang/perl5.12/files/patch-ae | 42 ++++++++++++++++++++++++++++++++++++++++++ lang/perl5.14/files/patch-ae | 42 ++++++++++++++++++++++++++++++++++++++++++ lang/perl5.16/files/patch-ae | 42 ++++++++++++++++++++++++++++++++++++++++++ lang/perl5.6/files/patch-ae | 42 ++++++++++++++++++++++++++++++++++++++++++ lang/perl5.8/files/patch-ae | 42 ++++++++++++++++++++++++++++++++++++++++++ lang/perl5/files/patch-ae | 42 ++++++++++++++++++++++++++++++++++++++++++ 7 files changed, 294 insertions(+) create mode 100644 lang/perl5.10/files/patch-ae create mode 100644 lang/perl5.12/files/patch-ae create mode 100644 lang/perl5.14/files/patch-ae create mode 100644 lang/perl5.16/files/patch-ae create mode 100644 lang/perl5.6/files/patch-ae create mode 100644 lang/perl5.8/files/patch-ae create mode 100644 lang/perl5/files/patch-ae diff --git a/lang/perl5.10/files/patch-ae b/lang/perl5.10/files/patch-ae new file mode 100644 index 000000000000..01e5a89ca562 --- /dev/null +++ b/lang/perl5.10/files/patch-ae @@ -0,0 +1,42 @@ +--- perl.h.old Tue May 6 12:22:21 1997 ++++ perl.h Tue May 6 12:26:50 1997 +@@ -223,6 +223,15 @@ + # include + #endif + ++/* needed for IAMSUID case for 4.4BSD systems ++ * XXX there should probably be a Configure variable ++ */ ++ ++#ifdef I_SYS_PARAM ++#if (defined (BSD) && (BSD >= 199306)) ++# include ++#endif /* !BSD */ ++#endif /* !I_SYS_PARAM */ + + /* Use all the "standard" definitions? */ + #if defined(STANDARD_C) && defined(I_STDLIB) +--- perl.c.old Sun Apr 27 15:04:13 1997 ++++ perl.c Tue May 6 12:27:40 1997 +@@ -1912,6 +1912,20 @@ + croak("Can't swap uid and euid"); /* really paranoid */ + if (Stat(SvPVX(GvSV(curcop->cop_filegv)),&tmpstatbuf) < 0) + croak("Permission denied"); /* testing full pathname here */ ++#if (defined(BSD) && (BSD >= 199306)) ++#ifdef IAMSUID ++ { ++ struct statfs stfs; ++ ++ if (fstatfs(fileno(rsfp),&stfs) < 0) ++ croak("Can't statfs filesystem of script \"%s\"",origfilename); ++ ++ if (stfs.f_flags & MNT_NOSUID) ++ croak("Permission denied"); ++ } ++#endif /* IAMSUID */ ++#endif /* BSD */ ++ + if (tmpstatbuf.st_dev != statbuf.st_dev || + tmpstatbuf.st_ino != statbuf.st_ino) { + (void)PerlIO_close(rsfp); + diff --git a/lang/perl5.12/files/patch-ae b/lang/perl5.12/files/patch-ae new file mode 100644 index 000000000000..01e5a89ca562 --- /dev/null +++ b/lang/perl5.12/files/patch-ae @@ -0,0 +1,42 @@ +--- perl.h.old Tue May 6 12:22:21 1997 ++++ perl.h Tue May 6 12:26:50 1997 +@@ -223,6 +223,15 @@ + # include + #endif + ++/* needed for IAMSUID case for 4.4BSD systems ++ * XXX there should probably be a Configure variable ++ */ ++ ++#ifdef I_SYS_PARAM ++#if (defined (BSD) && (BSD >= 199306)) ++# include ++#endif /* !BSD */ ++#endif /* !I_SYS_PARAM */ + + /* Use all the "standard" definitions? */ + #if defined(STANDARD_C) && defined(I_STDLIB) +--- perl.c.old Sun Apr 27 15:04:13 1997 ++++ perl.c Tue May 6 12:27:40 1997 +@@ -1912,6 +1912,20 @@ + croak("Can't swap uid and euid"); /* really paranoid */ + if (Stat(SvPVX(GvSV(curcop->cop_filegv)),&tmpstatbuf) < 0) + croak("Permission denied"); /* testing full pathname here */ ++#if (defined(BSD) && (BSD >= 199306)) ++#ifdef IAMSUID ++ { ++ struct statfs stfs; ++ ++ if (fstatfs(fileno(rsfp),&stfs) < 0) ++ croak("Can't statfs filesystem of script \"%s\"",origfilename); ++ ++ if (stfs.f_flags & MNT_NOSUID) ++ croak("Permission denied"); ++ } ++#endif /* IAMSUID */ ++#endif /* BSD */ ++ + if (tmpstatbuf.st_dev != statbuf.st_dev || + tmpstatbuf.st_ino != statbuf.st_ino) { + (void)PerlIO_close(rsfp); + diff --git a/lang/perl5.14/files/patch-ae b/lang/perl5.14/files/patch-ae new file mode 100644 index 000000000000..01e5a89ca562 --- /dev/null +++ b/lang/perl5.14/files/patch-ae @@ -0,0 +1,42 @@ +--- perl.h.old Tue May 6 12:22:21 1997 ++++ perl.h Tue May 6 12:26:50 1997 +@@ -223,6 +223,15 @@ + # include + #endif + ++/* needed for IAMSUID case for 4.4BSD systems ++ * XXX there should probably be a Configure variable ++ */ ++ ++#ifdef I_SYS_PARAM ++#if (defined (BSD) && (BSD >= 199306)) ++# include ++#endif /* !BSD */ ++#endif /* !I_SYS_PARAM */ + + /* Use all the "standard" definitions? */ + #if defined(STANDARD_C) && defined(I_STDLIB) +--- perl.c.old Sun Apr 27 15:04:13 1997 ++++ perl.c Tue May 6 12:27:40 1997 +@@ -1912,6 +1912,20 @@ + croak("Can't swap uid and euid"); /* really paranoid */ + if (Stat(SvPVX(GvSV(curcop->cop_filegv)),&tmpstatbuf) < 0) + croak("Permission denied"); /* testing full pathname here */ ++#if (defined(BSD) && (BSD >= 199306)) ++#ifdef IAMSUID ++ { ++ struct statfs stfs; ++ ++ if (fstatfs(fileno(rsfp),&stfs) < 0) ++ croak("Can't statfs filesystem of script \"%s\"",origfilename); ++ ++ if (stfs.f_flags & MNT_NOSUID) ++ croak("Permission denied"); ++ } ++#endif /* IAMSUID */ ++#endif /* BSD */ ++ + if (tmpstatbuf.st_dev != statbuf.st_dev || + tmpstatbuf.st_ino != statbuf.st_ino) { + (void)PerlIO_close(rsfp); + diff --git a/lang/perl5.16/files/patch-ae b/lang/perl5.16/files/patch-ae new file mode 100644 index 000000000000..01e5a89ca562 --- /dev/null +++ b/lang/perl5.16/files/patch-ae @@ -0,0 +1,42 @@ +--- perl.h.old Tue May 6 12:22:21 1997 ++++ perl.h Tue May 6 12:26:50 1997 +@@ -223,6 +223,15 @@ + # include + #endif + ++/* needed for IAMSUID case for 4.4BSD systems ++ * XXX there should probably be a Configure variable ++ */ ++ ++#ifdef I_SYS_PARAM ++#if (defined (BSD) && (BSD >= 199306)) ++# include ++#endif /* !BSD */ ++#endif /* !I_SYS_PARAM */ + + /* Use all the "standard" definitions? */ + #if defined(STANDARD_C) && defined(I_STDLIB) +--- perl.c.old Sun Apr 27 15:04:13 1997 ++++ perl.c Tue May 6 12:27:40 1997 +@@ -1912,6 +1912,20 @@ + croak("Can't swap uid and euid"); /* really paranoid */ + if (Stat(SvPVX(GvSV(curcop->cop_filegv)),&tmpstatbuf) < 0) + croak("Permission denied"); /* testing full pathname here */ ++#if (defined(BSD) && (BSD >= 199306)) ++#ifdef IAMSUID ++ { ++ struct statfs stfs; ++ ++ if (fstatfs(fileno(rsfp),&stfs) < 0) ++ croak("Can't statfs filesystem of script \"%s\"",origfilename); ++ ++ if (stfs.f_flags & MNT_NOSUID) ++ croak("Permission denied"); ++ } ++#endif /* IAMSUID */ ++#endif /* BSD */ ++ + if (tmpstatbuf.st_dev != statbuf.st_dev || + tmpstatbuf.st_ino != statbuf.st_ino) { + (void)PerlIO_close(rsfp); + diff --git a/lang/perl5.6/files/patch-ae b/lang/perl5.6/files/patch-ae new file mode 100644 index 000000000000..01e5a89ca562 --- /dev/null +++ b/lang/perl5.6/files/patch-ae @@ -0,0 +1,42 @@ +--- perl.h.old Tue May 6 12:22:21 1997 ++++ perl.h Tue May 6 12:26:50 1997 +@@ -223,6 +223,15 @@ + # include + #endif + ++/* needed for IAMSUID case for 4.4BSD systems ++ * XXX there should probably be a Configure variable ++ */ ++ ++#ifdef I_SYS_PARAM ++#if (defined (BSD) && (BSD >= 199306)) ++# include ++#endif /* !BSD */ ++#endif /* !I_SYS_PARAM */ + + /* Use all the "standard" definitions? */ + #if defined(STANDARD_C) && defined(I_STDLIB) +--- perl.c.old Sun Apr 27 15:04:13 1997 ++++ perl.c Tue May 6 12:27:40 1997 +@@ -1912,6 +1912,20 @@ + croak("Can't swap uid and euid"); /* really paranoid */ + if (Stat(SvPVX(GvSV(curcop->cop_filegv)),&tmpstatbuf) < 0) + croak("Permission denied"); /* testing full pathname here */ ++#if (defined(BSD) && (BSD >= 199306)) ++#ifdef IAMSUID ++ { ++ struct statfs stfs; ++ ++ if (fstatfs(fileno(rsfp),&stfs) < 0) ++ croak("Can't statfs filesystem of script \"%s\"",origfilename); ++ ++ if (stfs.f_flags & MNT_NOSUID) ++ croak("Permission denied"); ++ } ++#endif /* IAMSUID */ ++#endif /* BSD */ ++ + if (tmpstatbuf.st_dev != statbuf.st_dev || + tmpstatbuf.st_ino != statbuf.st_ino) { + (void)PerlIO_close(rsfp); + diff --git a/lang/perl5.8/files/patch-ae b/lang/perl5.8/files/patch-ae new file mode 100644 index 000000000000..01e5a89ca562 --- /dev/null +++ b/lang/perl5.8/files/patch-ae @@ -0,0 +1,42 @@ +--- perl.h.old Tue May 6 12:22:21 1997 ++++ perl.h Tue May 6 12:26:50 1997 +@@ -223,6 +223,15 @@ + # include + #endif + ++/* needed for IAMSUID case for 4.4BSD systems ++ * XXX there should probably be a Configure variable ++ */ ++ ++#ifdef I_SYS_PARAM ++#if (defined (BSD) && (BSD >= 199306)) ++# include ++#endif /* !BSD */ ++#endif /* !I_SYS_PARAM */ + + /* Use all the "standard" definitions? */ + #if defined(STANDARD_C) && defined(I_STDLIB) +--- perl.c.old Sun Apr 27 15:04:13 1997 ++++ perl.c Tue May 6 12:27:40 1997 +@@ -1912,6 +1912,20 @@ + croak("Can't swap uid and euid"); /* really paranoid */ + if (Stat(SvPVX(GvSV(curcop->cop_filegv)),&tmpstatbuf) < 0) + croak("Permission denied"); /* testing full pathname here */ ++#if (defined(BSD) && (BSD >= 199306)) ++#ifdef IAMSUID ++ { ++ struct statfs stfs; ++ ++ if (fstatfs(fileno(rsfp),&stfs) < 0) ++ croak("Can't statfs filesystem of script \"%s\"",origfilename); ++ ++ if (stfs.f_flags & MNT_NOSUID) ++ croak("Permission denied"); ++ } ++#endif /* IAMSUID */ ++#endif /* BSD */ ++ + if (tmpstatbuf.st_dev != statbuf.st_dev || + tmpstatbuf.st_ino != statbuf.st_ino) { + (void)PerlIO_close(rsfp); + diff --git a/lang/perl5/files/patch-ae b/lang/perl5/files/patch-ae new file mode 100644 index 000000000000..01e5a89ca562 --- /dev/null +++ b/lang/perl5/files/patch-ae @@ -0,0 +1,42 @@ +--- perl.h.old Tue May 6 12:22:21 1997 ++++ perl.h Tue May 6 12:26:50 1997 +@@ -223,6 +223,15 @@ + # include + #endif + ++/* needed for IAMSUID case for 4.4BSD systems ++ * XXX there should probably be a Configure variable ++ */ ++ ++#ifdef I_SYS_PARAM ++#if (defined (BSD) && (BSD >= 199306)) ++# include ++#endif /* !BSD */ ++#endif /* !I_SYS_PARAM */ + + /* Use all the "standard" definitions? */ + #if defined(STANDARD_C) && defined(I_STDLIB) +--- perl.c.old Sun Apr 27 15:04:13 1997 ++++ perl.c Tue May 6 12:27:40 1997 +@@ -1912,6 +1912,20 @@ + croak("Can't swap uid and euid"); /* really paranoid */ + if (Stat(SvPVX(GvSV(curcop->cop_filegv)),&tmpstatbuf) < 0) + croak("Permission denied"); /* testing full pathname here */ ++#if (defined(BSD) && (BSD >= 199306)) ++#ifdef IAMSUID ++ { ++ struct statfs stfs; ++ ++ if (fstatfs(fileno(rsfp),&stfs) < 0) ++ croak("Can't statfs filesystem of script \"%s\"",origfilename); ++ ++ if (stfs.f_flags & MNT_NOSUID) ++ croak("Permission denied"); ++ } ++#endif /* IAMSUID */ ++#endif /* BSD */ ++ + if (tmpstatbuf.st_dev != statbuf.st_dev || + tmpstatbuf.st_ino != statbuf.st_ino) { + (void)PerlIO_close(rsfp); + -- cgit