1 char rcsid[] = "$Header: perly.c,v 3.0.1.5 90/03/27 16:20:57 lwall Locked $\nPatch level: ###\n";
3 * Copyright (c) 1989, Larry Wall
5 * You may distribute under the terms of the GNU General Public License
6 * as specified in the README file that comes with the perl 3.0 kit.
9 * Revision 3.0.1.5 90/03/27 16:20:57 lwall
10 * patch16: MSDOS support
11 * patch16: do FILE inside eval blows up
13 * Revision 3.0.1.4 90/02/28 18:06:41 lwall
14 * patch9: perl can now start up other interpreters scripts
15 * patch9: nested evals clobbered their longjmp environment
16 * patch9: eval could mistakenly return undef in array context
18 * Revision 3.0.1.3 89/12/21 20:15:41 lwall
19 * patch7: ANSI strerror() is now supported
20 * patch7: errno may now be a macro with an lvalue
21 * patch7: allowed setuid scripts to have a space after #!
23 * Revision 3.0.1.2 89/11/17 15:34:42 lwall
24 * patch5: fixed possible confusion about current effective gid
26 * Revision 3.0.1.1 89/11/11 04:50:04 lwall
27 * patch2: moved yydebug to where its type didn't matter
29 * Revision 3.0 89/10/18 15:22:21 lwall
37 #include "patchlevel.h"
45 #ifdef SETUID_SCRIPTS_ARE_SECURE_NOW
58 char *index(), *strcpy(), *getenv();
59 bool dosearch = FALSE;
64 #ifdef SETUID_SCRIPTS_ARE_SECURE_NOW
67 fatal("suidperl is no longer needed since the kernel can now execute\n\
68 setuid perl scripts securely.\n");
75 euid = (int)geteuid();
77 egid = (int)getegid();
80 * There is no way we can refer to them from Perl so close them to save
81 * space. The other alternative would be to provide STDAUX and STDPRN
89 loop_ptr = -1; /* start label stack again */
92 (void)sprintf(index(rcsid,'#'), "%d\n", PATCHLEVEL);
93 linestr = Str_new(65,80);
94 str_nset(linestr,"",0);
95 str = str_make("",0); /* first used for -I flags */
96 curstash = defstash = hnew(0);
97 curstname = str_make("main",4);
98 stab_xhash(stabent("_main",TRUE)) = defstash;
99 incstab = aadd(stabent("INC",TRUE));
100 incstab->str_pok |= SP_MULTI;
101 for (argc--,argv++; argc; argc--,argv++) {
102 if (argv[0][0] != '-' || !argv[0][1])
106 validarg = " PHOOEY ";
119 if (euid != uid || egid != gid)
120 fatal("No -d allowed in setuid scripts");
128 if (euid != uid || egid != gid)
129 fatal("No -D allowed in setuid scripts");
133 warn("Recompile perl with -DDEBUGGING to use -D switch\n");
138 if (euid != uid || egid != gid)
139 fatal("No -e allowed in setuid scripts");
142 e_tmpname = savestr(TMPPATH);
143 (void)mktemp(e_tmpname);
144 e_fp = fopen(e_tmpname,"w");
148 (void)putc('\n', e_fp);
152 inplace = savestr(s+1);
153 argvoutstab = stabent("ARGVOUT",TRUE);
157 if (euid != uid || egid != gid)
158 fatal("No -I allowed in setuid scripts");
164 (void)apush(stab_array(incstab),str_make(s,0));
167 (void)apush(stab_array(incstab),str_make(argv[1],0));
168 str_cat(str,argv[1]);
183 if (euid != uid || egid != gid)
184 fatal("No -P allowed in setuid scripts");
191 if (euid != uid || egid != gid)
192 fatal("No -s allowed in setuid scripts");
211 fputs("\nCopyright (c) 1989, 1990, Larry Wall\n",stdout);
213 fputs("MS-DOS port Copyright (c) 1989, 1990, Diomidis Spinellis\n",
217 Perl may be copied only under the terms of the GNU General Public License,\n\
218 a copy of which can be found with the Perl 3.0 distribution kit.\n",stdout);
230 fatal("Unrecognized switch: -%s",s);
240 #define PRIVLIB "/usr/local/lib/perl"
242 (void)apush(stab_array(incstab),str_make(PRIVLIB,0));
245 str_set(&str_yes,Yes);
249 if (argv[0] == Nullch)
251 if (dosearch && !index(argv[0], '/') && (s = getenv("PATH"))) {
252 char *xfound = Nullch, *xfailed = Nullch;
255 bufend = s + strlen(s);
257 s = cpytill(tokenbuf,s,bufend,':',&len);
261 (void)strcat(tokenbuf+len,"/");
262 (void)strcat(tokenbuf+len,argv[0]);
265 fprintf(stderr,"Looking for %s\n",tokenbuf);
267 if (stat(tokenbuf,&statbuf) < 0) /* not there? */
269 if ((statbuf.st_mode & S_IFMT) == S_IFREG
270 && cando(S_IREAD,TRUE,&statbuf) && cando(S_IEXEC,TRUE,&statbuf)) {
271 xfound = tokenbuf; /* bingo! */
275 xfailed = savestr(tokenbuf);
278 fatal("Can't execute %s", xfailed ? xfailed : argv[0] );
281 argv[0] = savestr(xfound);
284 pidstatary = anew(Nullstab); /* for remembering popen pids, status */
286 filename = savestr(argv[0]);
287 origfilename = savestr(filename);
288 if (strEQ(filename,"-"))
292 str_cat(str,PRIVLIB);
293 (void)sprintf(buf, "\
294 /bin/sed -e '/^[^#]/b' \
295 -e '/^#[ ]*include[ ]/b' \
296 -e '/^#[ ]*define[ ]/b' \
297 -e '/^#[ ]*if[ ]/b' \
298 -e '/^#[ ]*ifdef[ ]/b' \
299 -e '/^#[ ]*ifndef[ ]/b' \
301 -e '/^#[ ]*endif/b' \
304 argv[0], CPPSTDIN, str_get(str), CPPMINUS);
305 #ifdef IAMSUID /* actually, this is caught earlier */
306 if (euid != uid && !euid) /* if running suidperl */
308 (void)seteuid(uid); /* musn't stay setuid root */
311 (void)setreuid(-1, uid);
317 rsfp = mypopen(buf,"r");
322 rsfp = fopen(argv[0],"r");
323 if (rsfp == Nullfp) {
325 #ifndef IAMSUID /* in case script is not readable before setuid */
326 if (euid && stat(filename,&statbuf) >= 0 &&
327 statbuf.st_mode & (S_ISUID|S_ISGID)) {
328 (void)sprintf(buf, "%s/%s", BIN, "suidperl");
329 execv(buf, origargv); /* try again */
330 fatal("Can't do setuid\n");
334 fatal("Can't open perl script \"%s\": %s\n",
335 filename, strerror(errno));
337 str_free(str); /* free -I directories */
339 /* do we need to emulate setuid on scripts? */
341 /* This code is for those BSD systems that have setuid #! scripts disabled
342 * in the kernel because of a security problem. Merely defining DOSUID
343 * in perl will not fix that problem, but if you have disabled setuid
344 * scripts in the kernel, this will attempt to emulate setuid and setgid
345 * on scripts that have those now-otherwise-useless bits set. The setuid
346 * root version must be called suidperl. If regular perl discovers that
347 * it has opened a setuid script, it calls suidperl with the same argv
348 * that it had. If suidperl finds that the script it has just opened
349 * is NOT setuid root, it sets the effective uid back to the uid. We
350 * don't just make perl setuid root because that loses the effective
351 * uid we had before invoking perl, if it was different from the uid.
353 * DOSUID must be defined in both perl and suidperl, and IAMSUID must
354 * be defined in suidperl only. suidperl must be setuid root. The
355 * Configure script will set this up for you if you want it.
357 * There is also the possibility of have a script which is running
358 * set-id due to a C wrapper. We want to do the TAINT checks
359 * on these set-id scripts, but don't want to have the overhead of
360 * them in normal perl, and can't use suidperl because it will lose
361 * the effective uid info, so we have an additional non-setuid root
362 * version called taintperl that just does the TAINT checks.
366 if (fstat(fileno(rsfp),&statbuf) < 0) /* normal stat is insecure */
367 fatal("Can't stat script \"%s\"",filename);
368 if (statbuf.st_mode & (S_ISUID|S_ISGID)) {
373 /* On this access check to make sure the directories are readable,
374 * there is actually a small window that the user could use to make
375 * filename point to an accessible directory. So there is a faint
376 * chance that someone could execute a setuid script down in a
377 * non-accessible directory. I don't know what to do about that.
378 * But I don't think it's too important. The manual lies when
379 * it says access() is useful in setuid programs.
381 if (access(filename,1)) /* as a double check */
382 fatal("Permission denied");
384 /* If we can swap euid and uid, then we can determine access rights
385 * with a simple stat of the file, and then compare device and
386 * inode to make sure we did stat() on the same file we opened.
387 * Then we just have to make sure he or she can execute it.
390 struct stat tmpstatbuf;
392 if (setreuid(euid,uid) < 0 || getuid() != euid || geteuid() != uid)
393 fatal("Can't swap uid and euid"); /* really paranoid */
394 if (stat(filename,&tmpstatbuf) < 0) /* testing full pathname here */
395 fatal("Permission denied");
396 if (tmpstatbuf.st_dev != statbuf.st_dev ||
397 tmpstatbuf.st_ino != statbuf.st_ino) {
399 if (rsfp = mypopen("/bin/mail root","w")) { /* heh, heh */
401 "User %d tried to run dev %d ino %d in place of dev %d ino %d!\n\
402 (Filename of set-id script was %s, uid %d gid %d.)\n\nSincerely,\nperl\n",
403 uid,tmpstatbuf.st_dev, tmpstatbuf.st_ino,
404 statbuf.st_dev, statbuf.st_ino,
405 filename, statbuf.st_uid, statbuf.st_gid);
406 (void)mypclose(rsfp);
408 fatal("Permission denied\n");
410 if (setreuid(uid,euid) < 0 || getuid() != uid || geteuid() != euid)
411 fatal("Can't reswap uid and euid");
412 if (!cando(S_IEXEC,FALSE,&statbuf)) /* can real uid exec? */
413 fatal("Permission denied\n");
415 #endif /* SETREUID */
418 if ((statbuf.st_mode & S_IFMT) != S_IFREG)
419 fatal("Permission denied");
420 if ((statbuf.st_mode >> 6) & S_IWRITE)
421 fatal("Setuid/gid script is writable by world");
422 doswitches = FALSE; /* -s is insecure in suid */
424 if (fgets(tokenbuf,sizeof tokenbuf, rsfp) == Nullch ||
425 strnNE(tokenbuf,"#!",2) ) /* required even on Sys V */
429 while (!isspace(*s)) s++;
430 if (strnNE(s-4,"perl",4)) /* sanity check */
431 fatal("Not a perl script");
432 while (*s == ' ' || *s == '\t') s++;
434 * #! arg must be what we saw above. They can invoke it by
435 * mentioning suidperl explicitly, but they may not add any strange
436 * arguments beyond what #! says if they do invoke suidperl that way.
438 len = strlen(validarg);
439 if (strEQ(validarg," PHOOEY ") ||
440 strnNE(s,validarg,len) || !isspace(s[len]))
441 fatal("Args must match #! line");
444 if (euid != uid && (statbuf.st_mode & S_ISUID) &&
445 euid == statbuf.st_uid)
447 fatal("YOU HAVEN'T DISABLED SET-ID SCRIPTS IN THE KERNEL YET!\n\
448 FIX YOUR KERNEL, PUT A C WRAPPER AROUND THIS SCRIPT, OR USE -u AND UNDUMP!\n");
451 if (euid) { /* oops, we're not the setuid root perl */
454 (void)sprintf(buf, "%s/%s", BIN, "suidperl");
455 execv(buf, origargv); /* try again */
457 fatal("Can't do setuid\n");
460 if (statbuf.st_mode & S_ISGID && statbuf.st_gid != egid)
462 (void)setegid(statbuf.st_gid);
465 (void)setregid((GIDTYPE)-1,statbuf.st_gid);
467 setgid(statbuf.st_gid);
470 if (statbuf.st_mode & S_ISUID) {
471 if (statbuf.st_uid != euid)
473 (void)seteuid(statbuf.st_uid); /* all that for this */
476 (void)setreuid((UIDTYPE)-1,statbuf.st_uid);
478 setuid(statbuf.st_uid);
482 else if (uid) /* oops, mustn't run as root */
484 (void)seteuid((UIDTYPE)uid);
487 (void)setreuid((UIDTYPE)-1,(UIDTYPE)uid);
489 setuid((UIDTYPE)uid);
493 euid = (int)geteuid();
495 egid = (int)getegid();
496 if (!cando(S_IEXEC,TRUE,&statbuf))
497 fatal("Permission denied\n"); /* they can't do this */
501 fatal("-P not allowed for setuid/setgid script\n");
503 fatal("Script is not setuid/setgid in suidperl\n");
505 #ifndef TAINT /* we aren't taintperl or suidperl */
506 /* script has a wrapper--can't run suidperl or we lose euid */
507 else if (euid != uid || egid != gid) {
509 (void)sprintf(buf, "%s/%s", BIN, "taintperl");
510 execv(buf, origargv); /* try again */
511 fatal("Can't run setuid script with taint checks");
516 #ifndef TAINT /* we aren't taintperl or suidperl */
517 if (euid != uid || egid != gid) { /* (suidperl doesn't exist, in fact) */
518 #ifndef SETUID_SCRIPTS_ARE_SECURE_NOW
519 fstat(fileno(rsfp),&statbuf); /* may be either wrapped or real suid */
520 if ((euid != uid && euid == statbuf.st_uid && statbuf.st_mode & S_ISUID)
522 (egid != gid && egid == statbuf.st_gid && statbuf.st_mode & S_ISGID)
525 fatal("YOU HAVEN'T DISABLED SET-ID SCRIPTS IN THE KERNEL YET!\n\
526 FIX YOUR KERNEL, PUT A C WRAPPER AROUND THIS SCRIPT, OR USE -u AND UNDUMP!\n");
527 #endif /* SETUID_SCRIPTS_ARE_SECURE_NOW */
528 /* not set-id, must be wrapped */
530 (void)sprintf(buf, "%s/%s", BIN, "taintperl");
531 execv(buf, origargv); /* try again */
532 fatal("Can't run setuid script with taint checks");
537 defstab = stabent("_",TRUE);
541 stab_xhash(stabent("_DB",TRUE)) = debstash;
543 lineary = stab_xarray(aadd((tmpstab = stabent("line",TRUE))));
544 tmpstab->str_pok |= SP_MULTI;
545 subname = str_make("main",4);
546 DBstab = stabent("DB",TRUE);
547 DBstab->str_pok |= SP_MULTI;
548 DBsub = hadd(tmpstab = stabent("sub",TRUE));
549 tmpstab->str_pok |= SP_MULTI;
550 DBsingle = stab_val((tmpstab = stabent("single",TRUE)));
551 tmpstab->str_pok |= SP_MULTI;
557 bufend = bufptr = str_get(linestr);
559 savestack = anew(Nullstab); /* for saving non-local values */
560 stack = anew(Nullstab); /* for saving non-local values */
561 stack->ary_flags = 0; /* not a real array */
563 /* now parse the script */
566 if (yyparse() || error_count)
567 fatal("Execution aborted due to compilation errors.\n");
569 New(50,loop_stack,128,struct loop);
572 New(51,debname,128,char);
573 New(52,debdelim,128,char);
581 (void)UNLINK(e_tmpname);
584 /* initialize everything that won't change if we undump */
586 if (sigstab = stabent("SIG",allstabs)) {
587 sigstab->str_pok |= SP_MULTI;
591 magicalize("!#?^~=-%0123456789.+&*()<>,\\/[|`':");
593 amperstab = stabent("&",allstabs);
594 leftstab = stabent("`",allstabs);
595 rightstab = stabent("'",allstabs);
596 sawampersand = (amperstab || leftstab || rightstab);
597 if (tmpstab = stabent(":",allstabs))
598 str_set(STAB_STR(tmpstab),chopset);
600 /* these aren't necessarily magical */
601 if (tmpstab = stabent(";",allstabs))
602 str_set(STAB_STR(tmpstab),"\034");
606 if (tmpstab = stabent("0",allstabs))
607 str_set(STAB_STR(tmpstab),origfilename);
611 if (tmpstab = stabent("]",allstabs))
612 str_set(STAB_STR(tmpstab),rcsid);
613 str_nset(stab_val(stabent("\"", TRUE)), " ", 1);
615 stdinstab = stabent("STDIN",TRUE);
616 stdinstab->str_pok |= SP_MULTI;
617 stab_io(stdinstab) = stio_new();
618 stab_io(stdinstab)->ifp = stdin;
619 tmpstab = stabent("stdin",TRUE);
620 stab_io(tmpstab) = stab_io(stdinstab);
621 tmpstab->str_pok |= SP_MULTI;
623 tmpstab = stabent("STDOUT",TRUE);
624 tmpstab->str_pok |= SP_MULTI;
625 stab_io(tmpstab) = stio_new();
626 stab_io(tmpstab)->ofp = stab_io(tmpstab)->ifp = stdout;
627 defoutstab = tmpstab;
628 tmpstab = stabent("stdout",TRUE);
629 stab_io(tmpstab) = stab_io(defoutstab);
630 tmpstab->str_pok |= SP_MULTI;
632 curoutstab = stabent("STDERR",TRUE);
633 curoutstab->str_pok |= SP_MULTI;
634 stab_io(curoutstab) = stio_new();
635 stab_io(curoutstab)->ofp = stab_io(curoutstab)->ifp = stderr;
636 tmpstab = stabent("stderr",TRUE);
637 stab_io(tmpstab) = stab_io(curoutstab);
638 tmpstab->str_pok |= SP_MULTI;
639 curoutstab = defoutstab; /* switch back to STDOUT */
641 statname = Str_new(66,0); /* last filename we did stat on */
643 perldb = FALSE; /* don't try to instrument evals */
653 just_doit: /* come here if running an undumped a.out */
654 argc--,argv++; /* skip name of script */
656 for (; argc > 0 && **argv == '-'; argc--,argv++) {
657 if (argv[0][1] == '-') {
661 str_numset(stab_val(stabent(argv[0]+1,TRUE)),(double)1.0);
667 if (argvstab = stabent("ARGV",allstabs)) {
668 argvstab->str_pok |= SP_MULTI;
669 (void)aadd(argvstab);
670 for (; argc > 0; argc--,argv++) {
671 (void)apush(stab_array(argvstab),str_make(argv[0],0));
675 (void) stabent("ENV",TRUE); /* must test PATH and IFS */
677 if (envstab = stabent("ENV",allstabs)) {
678 envstab->str_pok |= SP_MULTI;
680 for (; *env; env++) {
681 if (!(s = index(*env,'=')))
684 str = str_make(s--,0);
685 str_magic(str, envstab, 'E', *env, s - *env);
686 (void)hstore(stab_hash(envstab), *env, s - *env, str, 0);
693 if (tmpstab = stabent("$",allstabs))
694 str_numset(STAB_STR(tmpstab),(double)getpid());
696 if (setjmp(top_env)) /* sets goto_targ on longjump */
697 loop_ptr = -1; /* start label stack again */
703 fprintf(stderr,"\nEXECUTING...\n\n");
708 (void) cmd_exec(main_root,G_SCALAR,-1);
711 fatal("Can't find label \"%s\"--aborting",goto_targ);
723 while (*sym = *list++) {
724 if (stab = stabent(sym,allstabs)) {
725 stab_flags(stab) = SF_VMAGIC;
726 str_magic(stab_val(stab), stab, 0, Nullch, 0);
731 /* this routine is in perly.c by virtue of being sort of an alternate main() */
734 do_eval(str,optype,stash,gimme,arglast)
741 STR **st = stack->ary_array;
746 char * VOLATILE oldfile = filename;
747 VOLATILE line_t oldline = line;
748 VOLATILE int oldtmps_base = tmps_base;
749 VOLATILE int oldsave = savestack->ary_fill;
750 SPAT * VOLATILE oldspat = curspat;
751 static char *last_eval = Nullch;
752 static CMD *last_root = Nullcmd;
753 VOLATILE int sp = arglast[0];
756 tmps_base = tmps_max;
757 if (curstash != stash) {
758 (void)savehptr(&curstash);
761 str_set(stab_val(stabent("@",TRUE)),"");
762 if (optype != O_DOFILE) { /* normal eval */
765 str_sset(linestr,str);
766 str_cat(linestr,";"); /* be kind to them */
769 if (last_root && !in_eval) {
774 filename = savestr(str_get(str)); /* can't free this easily */
776 rsfp = fopen(filename,"r");
777 ar = stab_array(incstab);
778 if (!rsfp && *filename != '/') {
779 for (i = 0; i <= ar->ary_fill; i++) {
780 (void)sprintf(buf,"%s/%s",str_get(afetch(ar,i,TRUE)),filename);
781 rsfp = fopen(buf,"r");
783 filename = savestr(buf);
790 tmps_base = oldtmps_base;
791 if (gimme != G_ARRAY)
792 st[++sp] = &str_undef;
798 oldoldbufptr = oldbufptr = bufptr = str_get(linestr);
799 bufend = bufptr + linestr->str_cur;
800 if (++loop_ptr >= loop_max) {
802 Renew(loop_stack, loop_max, struct loop);
804 loop_stack[loop_ptr].loop_label = "_EVAL_";
805 loop_stack[loop_ptr].loop_sp = sp;
808 deb("(Pushing label #%d _EVAL_)\n", loop_ptr);
811 if (setjmp(loop_stack[loop_ptr].loop_env)) {
819 else if (last_root && *bufptr == *last_eval && strEQ(bufptr,last_eval)){
821 eval_root = last_root; /* no point in reparsing */
823 else if (in_eval == 1) {
828 last_eval = savestr(bufptr);
832 last_root = eval_root;
837 myroot = eval_root; /* in case cmd_exec does another eval! */
838 if (retval || error_count) {
839 st = stack->ary_array;
841 if (gimme != G_ARRAY)
842 st[++sp] = &str_undef;
843 last_root = Nullcmd; /* can't free on error, for some reason */
850 sp = cmd_exec(eval_root,gimme,sp);
851 st = stack->ary_array;
852 for (i = arglast[0] + 1; i <= sp; i++)
853 st[i] = str_static(st[i]);
854 /* if we don't save result, free zaps it */
855 if (in_eval != 1 && myroot != last_root)
861 tmps = loop_stack[loop_ptr].loop_label;
862 deb("(Popping label #%d %s)\n",loop_ptr,
869 tmps_base = oldtmps_base;
871 if (savestack->ary_fill > oldsave) /* let them use local() */
872 restorelist(oldsave);