From: Jarkko Hietaniemi Date: Sun, 19 Mar 2000 01:22:47 +0000 (+0000) Subject: Taint also the passwd field of the getpw*(). X-Git-Url: http://git.shadowcat.co.uk/gitweb/gitweb.cgi?a=commitdiff_plain;h=2959b6e3384ea619841b1f9556846dd2755caf04;p=p5sagit%2Fp5-mst-13.2.git Taint also the passwd field of the getpw*(). p4raw-id: //depot/cfgperl@5810 --- diff --git a/pod/perldelta.pod b/pod/perldelta.pod index 8904889..88655be 100644 --- a/pod/perldelta.pod +++ b/pod/perldelta.pod @@ -206,10 +206,11 @@ will produce different results on platforms that have different $Config{ivsize}. For portability, be sure to mask off the excess bits in the result of unary C<~>, e.g., C<~$x & 0xffffffff>. -=head2 The shell returned by the getpwxxx() is now tainted +=head2 The passwd and shell returned by the getpwxxx() are now tainted -Because the user can affect her own login shell the shell returned -by the getpwent(), getpwnam(), and getpwuid() functions is tainted. +Because the user can affect her own encrypted password and login shell +the password and shell returned by the getpwent(), getpwnam(), and +getpwuid() functions are tainted. =back diff --git a/pod/perlfunc.pod b/pod/perlfunc.pod index 2c55a95..c4c7e3f 100644 --- a/pod/perlfunc.pod +++ b/pod/perlfunc.pod @@ -1863,8 +1863,9 @@ The exact meaning of the $gcos field varies but it usually contains the real name of the user (as opposed to the login name) and other information pertaining to the user. Beware, however, that in many system users are able to change this information and therefore it -cannot be trusted and therefore the $gcos is is tainted (see L). -The $shell, user's login shell, is also tainted, because of the same reason. +cannot be trusted and therefore the $gcos is is tainted (see +L). The $passwd and $shell, user's encrypted password and +login shell, are also tainted, because of the same reason. In scalar context, you get the name, unless the function was a lookup by name, in which case you get the other thing, whatever it is. diff --git a/pod/perlsec.pod b/pod/perlsec.pod index e613165..713a89c 100644 --- a/pod/perlsec.pod +++ b/pod/perlsec.pod @@ -33,10 +33,10 @@ You may not use data derived from outside your program to affect something else outside your program--at least, not by accident. All command line arguments, environment variables, locale information (see L), results of certain system calls (readdir, readlink, -the gecos and shell fields of getpw* calls), and all file input are -marked as "tainted". Tainted data may not be used directly or -indirectly in any command that invokes a sub-shell, nor in any command -that modifies files, directories, or processes. (B: If you pass a list of arguments to either C or C, the elements of that list are B checked for taintedness.) Any variable set to a value derived from tainted data diff --git a/pp_sys.c b/pp_sys.c index 5bbe250..0ec539d 100644 --- a/pp_sys.c +++ b/pp_sys.c @@ -4835,6 +4835,10 @@ PP(pp_gpwent) sv_setpv(sv, pwent->pw_passwd); # endif #endif +#ifndef INCOMPLETE_TAINTS + /* passwd is tainted because user himself can diddle with it. */ + SvTAINTED_on(sv); +#endif PUSHs(sv = sv_mortalcopy(&PL_sv_no)); #if Uid_t_sign <= 0 diff --git a/t/op/taint.t b/t/op/taint.t index 6a5d6b7..883f069 100755 --- a/t/op/taint.t +++ b/t/op/taint.t @@ -547,7 +547,7 @@ else { my @getpwent = getpwent(); die "getpwent: $!\n" unless (@getpwent); test 142,( not tainted $getpwent[0] - and not tainted $getpwent[1] + and tainted $getpwent[1] and not tainted $getpwent[2] and not tainted $getpwent[3] and not tainted $getpwent[4]