From: Nicholas Clark Date: Fri, 18 Jan 2008 14:27:36 +0000 (+0000) Subject: Eliminate all PERL_UNUSED_ARG()s in S_validate_suid() by changing its X-Git-Url: http://git.shadowcat.co.uk/gitweb/gitweb.cgi?a=commitdiff_plain;h=ec2019add1c7fdb16a67372a1ed14c16660c3cea;p=p5sagit%2Fp5-mst-13.2.git Eliminate all PERL_UNUSED_ARG()s in S_validate_suid() by changing its prototype depending on the compile time options. In turn, this finds things that are unused in its callers. p4raw-id: //depot/perl@33000 --- diff --git a/embed.fnc b/embed.fnc index 0e12772..9aa9378 100644 --- a/embed.fnc +++ b/embed.fnc @@ -1277,10 +1277,23 @@ s |void |nuke_stacks s |int |open_script |NN const char *scriptname|bool dosearch \ |NN int *suidscript|NN PerlIO **rsfpp s |void |usage |NN const char *name -s |void |validate_suid |NN const char *validarg \ - |NN const char *scriptname|int fdscript \ +#ifdef DOSUID +# ifdef IAMSUID +so |void |validate_suid |NN const char *validarg \ + |int fdscript \ |int suidscript|NN SV* linestr_sv \ |NN PerlIO *rsfp +# else +so |void |validate_suid |NN const char *validarg \ + |NN const char *scriptname|int fdscript \ + |NN SV* linestr_sv \ + |NN PerlIO *rsfp +# endif +#else +# ifndef SETUID_SCRIPTS_ARE_SECURE_NOW +so |void |validate_suid |NN PerlIO *rsfp +# endif +#endif # if defined(IAMSUID) s |int |fd_on_nosuid_fs|int fd diff --git a/embed.h b/embed.h index b18b5b6..35a7971 100644 --- a/embed.h +++ b/embed.h @@ -1259,7 +1259,14 @@ #define nuke_stacks S_nuke_stacks #define open_script S_open_script #define usage S_usage -#define validate_suid S_validate_suid +#endif +#ifdef DOSUID +# ifdef IAMSUID +# else +# endif +#else +# ifndef SETUID_SCRIPTS_ARE_SECURE_NOW +# endif #endif # if defined(IAMSUID) #ifdef PERL_CORE @@ -3552,7 +3559,20 @@ #define nuke_stacks() S_nuke_stacks(aTHX) #define open_script(a,b,c,d) S_open_script(aTHX_ a,b,c,d) #define usage(a) S_usage(aTHX_ a) -#define validate_suid(a,b,c,d,e,f) S_validate_suid(aTHX_ a,b,c,d,e,f) +#endif +#ifdef DOSUID +# ifdef IAMSUID +#ifdef PERL_CORE +#endif +# else +#ifdef PERL_CORE +#endif +# endif +#else +# ifndef SETUID_SCRIPTS_ARE_SECURE_NOW +#ifdef PERL_CORE +#endif +# endif #endif # if defined(IAMSUID) #ifdef PERL_CORE diff --git a/perl.c b/perl.c index ccdfa9f..a8f5303 100644 --- a/perl.c +++ b/perl.c @@ -125,16 +125,22 @@ char *getenv (char *); /* Usually in */ static I32 read_e_script(pTHX_ int idx, SV *buf_sv, int maxlen); -#ifdef IAMSUID -#ifndef DOSUID -#define DOSUID -#endif -#endif /* IAMSUID */ - -#ifdef SETUID_SCRIPTS_ARE_SECURE_NOW #ifdef DOSUID -#undef DOSUID -#endif +# ifdef IAMSUID +/* Drop scriptname */ +# define validate_suid(validarg, scriptname, fdscript, suidscript, linestr_sv, rsfp) S_validate_suid(aTHX_ validarg, fdscript, suidscript, linestr_sv, rsfp) +# else +/* Drop suidscript */ +# define validate_suid(validarg, scriptname, fdscript, suidscript, linestr_sv, rsfp) S_validate_suid(aTHX_ validarg, scriptname, fdscript, linestr_sv, rsfp) +# endif +#else +# ifdef SETUID_SCRIPTS_ARE_SECURE_NOW +/* Drop everything. Heck, don't even try to call it */ +# define validate_suid(validarg, scriptname, fdscript, suidscript, linestr_sv, rsfp) NOOP +# else +/* Drop almost everything */ +# define validate_suid(validarg, scriptname, fdscript, suidscript, linestr_sv, rsfp) S_validate_suid(aTHX_ rsfp) +# endif #endif #define CALL_BODY_EVAL(myop) \ @@ -1486,12 +1492,9 @@ perl_parse(pTHXx_ XSINIT_t xsinit, int argc, char **argv, char **env) PERL_UNUSED_ARG(my_perl); -#ifdef SETUID_SCRIPTS_ARE_SECURE_NOW -#ifdef IAMSUID -#undef IAMSUID - Perl_croak(aTHX_ "suidperl is no longer needed since the kernel can now execute\n\ -setuid perl scripts securely.\n"); -#endif /* IAMSUID */ +#ifdef SETUID_SCRIPTS_ARE_SECURE_NOW_AND_IAMSUID + Perl_croak(aTHX_ "suidperl is no longer needed since the kernel can now " + "execute\nsetuid perl scripts securely.\n"); #endif #if defined(USE_HASH_SEED) || defined(USE_HASH_SEED_EXPLICIT) @@ -3762,31 +3765,20 @@ S_fd_on_nosuid_fs(pTHX_ int fd) } #endif /* IAMSUID */ +#ifdef DOSUID STATIC void -S_validate_suid(pTHX_ const char *validarg, const char *scriptname, - int fdscript, int suidscript, SV *linestr_sv, PerlIO *rsfp) +S_validate_suid(pTHX_ const char *validarg, +# ifndef IAMSUID + const char *scriptname, +# endif + int fdscript, +# ifdef IAMSUID + int suidscript, +# endif + SV *linestr_sv, PerlIO *rsfp) { dVAR; -#ifdef DOSUID const char *s, *s2; -#endif - -#ifdef DOSUID -# ifdef IAMSUID - PERL_UNUSED_ARG(scriptname); -# else - PERL_UNUSED_ARG(suidscript); -# endif -#else - PERL_UNUSED_ARG(validarg); - PERL_UNUSED_ARG(scriptname); - PERL_UNUSED_ARG(linestr_sv); - PERL_UNUSED_ARG(fdscript); - PERL_UNUSED_ARG(suidscript); -# ifdef SETUID_SCRIPTS_ARE_SECURE_NOW - PERL_UNUSED_ARG(rsfp); -# endif -#endif /* do we need to emulate setuid on scripts? */ @@ -3815,8 +3807,6 @@ S_validate_suid(pTHX_ const char *validarg, const char *scriptname, * Configure script will set this up for you if you want it. */ -#ifdef DOSUID - if (PerlLIO_fstat(PerlIO_fileno(rsfp),&PL_statbuf) < 0) /* normal stat is insecure */ Perl_croak(aTHX_ "Can't stat script \"%s\"",PL_origfilename); if (PL_statbuf.st_mode & (S_ISUID|S_ISGID)) { @@ -4158,7 +4148,16 @@ FIX YOUR KERNEL, OR PUT A C WRAPPER AROUND THIS SCRIPT!\n"); PERL_FPU_POST_EXEC Perl_croak(aTHX_ "Can't do setuid (suidperl cannot exec perl)\n"); # endif /* IAMSUID */ +} + #else /* !DOSUID */ + +# ifdef SETUID_SCRIPTS_ARE_SECURE_NOW +/* Don't even need this function. */ +# else +STATIC void +S_validate_suid(pTHX_ PerlIO *rsfp) +{ if (PL_euid != PL_uid || PL_egid != PL_gid) { /* (suidperl doesn't exist, in fact) */ # ifndef SETUID_SCRIPTS_ARE_SECURE_NOW PerlLIO_fstat(PerlIO_fileno(rsfp),&PL_statbuf); /* may be either wrapped or real suid */ @@ -4172,8 +4171,9 @@ FIX YOUR KERNEL, PUT A C WRAPPER AROUND THIS SCRIPT, OR USE -u AND UNDUMP!\n"); # endif /* SETUID_SCRIPTS_ARE_SECURE_NOW */ /* not set-id, must be wrapped */ } -#endif /* DOSUID */ } +# endif /* SETUID_SCRIPTS_ARE_SECURE_NOW */ +#endif /* DOSUID */ STATIC void S_find_beginning(pTHX_ SV* linestr_sv, PerlIO *rsfp) diff --git a/perl.h b/perl.h index 0dadba4..93e58b9 100644 --- a/perl.h +++ b/perl.h @@ -41,6 +41,24 @@ # endif #endif +/* This logic needs to come after reading config.h, but before including + proto.h */ +#ifdef IAMSUID +# ifndef DOSUID +# define DOSUID +# endif +#endif + +#ifdef SETUID_SCRIPTS_ARE_SECURE_NOW +# ifdef DOSUID +# undef DOSUID +# endif +# ifdef IAMSUID +# undef IAMSUID +# define SETUID_SCRIPTS_ARE_SECURE_NOW_AND_IAMSUID +# endif +#endif + /* See L for detailed notes on * PERL_IMPLICIT_CONTEXT and PERL_IMPLICIT_SYS */ diff --git a/proto.h b/proto.h index e290d79..7ffb64a 100644 --- a/proto.h +++ b/proto.h @@ -3410,12 +3410,28 @@ STATIC int S_open_script(pTHX_ const char *scriptname, bool dosearch, int *suids STATIC void S_usage(pTHX_ const char *name) __attribute__nonnull__(pTHX_1); -STATIC void S_validate_suid(pTHX_ const char *validarg, const char *scriptname, int fdscript, int suidscript, SV* linestr_sv, PerlIO *rsfp) +#ifdef DOSUID +# ifdef IAMSUID +STATIC void S_validate_suid(pTHX_ const char *validarg, int fdscript, int suidscript, SV* linestr_sv, PerlIO *rsfp) + __attribute__nonnull__(pTHX_1) + __attribute__nonnull__(pTHX_4) + __attribute__nonnull__(pTHX_5); + +# else +STATIC void S_validate_suid(pTHX_ const char *validarg, const char *scriptname, int fdscript, SV* linestr_sv, PerlIO *rsfp) __attribute__nonnull__(pTHX_1) __attribute__nonnull__(pTHX_2) - __attribute__nonnull__(pTHX_5) - __attribute__nonnull__(pTHX_6); + __attribute__nonnull__(pTHX_4) + __attribute__nonnull__(pTHX_5); +# endif +#else +# ifndef SETUID_SCRIPTS_ARE_SECURE_NOW +STATIC void S_validate_suid(pTHX_ PerlIO *rsfp) + __attribute__nonnull__(pTHX_1); + +# endif +#endif # if defined(IAMSUID) STATIC int S_fd_on_nosuid_fs(pTHX_ int fd);