[p5sagit/p5-mst-13.2.git] / taint.c

/*
 * "...we will have peace, when you and all your works have perished--and
 * the works of your dark master to whom you would deliver us.  You are a
 * liar, Saruman, and a corrupter of men's hearts."  --Theoden
 */

#include "EXTERN.h"
#include "perl.h"

void
taint_not(s)
char *s;
{
    if (euid != uid)
        croak("No %s allowed while running setuid", s);
    if (egid != gid)
        croak("No %s allowed while running setgid", s);
}

void
taint_proper(f, s)
char *f;
char *s;
{
    if (tainting) {
	DEBUG_u(fprintf(stderr,"%s %d %d %d\n",s,tainted,uid, euid));
	if (tainted) {
	    char *ug = 0;
	    if (euid != uid)
		ug = " while running setuid";
	    else if (egid != gid)
		ug = " while running setgid";
	    else if (tainting)
		ug = " while running with -T switch";
	    if (ug) {
		if (!unsafe)
		    croak(f, s, ug);
		else if (dowarn)
		    warn(f, s, ug);
	    }
	}
    }
}

void
taint_env()
{
    SV** svp;

    if (tainting) {
	MAGIC *mg = 0;
	svp = hv_fetch(GvHVn(envgv),"PATH",4,FALSE);
	if (!svp || *svp == &sv_undef ||
	  ((mg = mg_find(*svp, 't')) && mg->mg_len & 1))
	{
	    tainted = TRUE;
	    if (mg && MgTAINTEDDIR(mg))
		taint_proper("Insecure directory in %s%s", "$ENV{PATH}");
	    else
		taint_proper("Insecure %s%s", "$ENV{PATH}");
	}
	svp = hv_fetch(GvHVn(envgv),"IFS",3,FALSE);
	if (svp && *svp != &sv_undef &&
	  (mg = mg_find(*svp, 't')) && mg->mg_len & 1)
	{
	    tainted = TRUE;
	    taint_proper("Insecure %s%s", "$ENV{IFS}");
	}
    }
}
Commit	Line	Data
a0d0e21e	1	/*
	2	* "...we will have peace, when you and all your works have perished--and
	3	* the works of your dark master to whom you would deliver us. You are a
	4	* liar, Saruman, and a corrupter of men's hearts." --Theoden
	5	*/
	6
463ee0b2	7	#include "EXTERN.h"
	8	#include "perl.h"
	9
	10	void
	11	taint_not(s)
	12	char *s;
	13	{
	14	if (euid != uid)
	15	croak("No %s allowed while running setuid", s);
	16	if (egid != gid)
	17	croak("No %s allowed while running setgid", s);
	18	}
	19
79072805	20	void
	21	taint_proper(f, s)
	22	char *f;
	23	char *s;
	24	{
463ee0b2	25	if (tainting) {
	26	DEBUG_u(fprintf(stderr,"%s %d %d %d\n",s,tainted,uid, euid));
	27	if (tainted) {
	28	char *ug = 0;
	29	if (euid != uid)
	30	ug = " while running setuid";
	31	else if (egid != gid)
	32	ug = " while running setgid";
	33	else if (tainting)
	34	ug = " while running with -T switch";
	35	if (ug) {
	36	if (!unsafe)
	37	croak(f, s, ug);
	38	else if (dowarn)
	39	warn(f, s, ug);
	40	}
	41	}
79072805	42	}
	43	}
	44
	45	void
	46	taint_env()
	47	{
	48	SV** svp;
	49
463ee0b2	50	if (tainting) {
8990e307	51	MAGIC *mg = 0;
463ee0b2	52	svp = hv_fetch(GvHVn(envgv),"PATH",4,FALSE);
748a9306	53	if (!svp \|\| *svp == &sv_undef \|\|
	54	((mg = mg_find(*svp, 't')) && mg->mg_len & 1))
	55	{
	56	tainted = TRUE;
8990e307	57	if (mg && MgTAINTEDDIR(mg))
a0d0e21e	58	taint_proper("Insecure directory in %s%s", "$ENV{PATH}");
463ee0b2	59	else
a0d0e21e	60	taint_proper("Insecure %s%s", "$ENV{PATH}");
463ee0b2	61	}
463ee0b2	62	svp = hv_fetch(GvHVn(envgv),"IFS",3,FALSE);
748a9306	63	if (svp && *svp != &sv_undef &&
	64	(mg = mg_find(*svp, 't')) && mg->mg_len & 1)
	65	{
	66	tainted = TRUE;
a0d0e21e	67	taint_proper("Insecure %s%s", "$ENV{IFS}");
463ee0b2	68	}
79072805	69	}
	70	}
	71