Commit | Line | Data |
463ee0b2 |
1 | #include "EXTERN.h" |
2 | #include "perl.h" |
3 | |
4 | void |
5 | taint_not(s) |
6 | char *s; |
7 | { |
8 | if (euid != uid) |
9 | croak("No %s allowed while running setuid", s); |
10 | if (egid != gid) |
11 | croak("No %s allowed while running setgid", s); |
12 | } |
13 | |
79072805 |
14 | void |
15 | taint_proper(f, s) |
16 | char *f; |
17 | char *s; |
18 | { |
463ee0b2 |
19 | if (tainting) { |
20 | DEBUG_u(fprintf(stderr,"%s %d %d %d\n",s,tainted,uid, euid)); |
21 | if (tainted) { |
22 | char *ug = 0; |
23 | if (euid != uid) |
24 | ug = " while running setuid"; |
25 | else if (egid != gid) |
26 | ug = " while running setgid"; |
27 | else if (tainting) |
28 | ug = " while running with -T switch"; |
29 | if (ug) { |
30 | if (!unsafe) |
31 | croak(f, s, ug); |
32 | else if (dowarn) |
33 | warn(f, s, ug); |
34 | } |
35 | } |
79072805 |
36 | } |
37 | } |
38 | |
39 | void |
40 | taint_env() |
41 | { |
42 | SV** svp; |
43 | |
463ee0b2 |
44 | if (tainting) { |
45 | svp = hv_fetch(GvHVn(envgv),"PATH",4,FALSE); |
46 | if (!svp || *svp == &sv_undef || mg_find(*svp, 't')) { |
47 | tainted = 1; |
48 | if (SvPRIVATE(*svp) & SVp_TAINTEDDIR) |
49 | taint_proper("Insecure directory in %s%s", "PATH"); |
50 | else |
51 | taint_proper("Insecure %s%s", "PATH"); |
52 | } |
53 | svp = hv_fetch(GvHVn(envgv),"IFS",3,FALSE); |
54 | if (svp && *svp != &sv_undef && mg_find(*svp, 't')) { |
55 | tainted = 1; |
56 | taint_proper("Insecure %s%s", "IFS"); |
57 | } |
79072805 |
58 | } |
59 | } |
60 | |