From 2959b6e3384ea619841b1f9556846dd2755caf04 Mon Sep 17 00:00:00 2001 From: Jarkko Hietaniemi Date: Sun, 19 Mar 2000 01:22:47 +0000 Subject: [PATCH] Taint also the passwd field of the getpw*(). p4raw-id: //depot/cfgperl@5810 --- pod/perldelta.pod | 7 ++++--- pod/perlfunc.pod | 5 +++-- pod/perlsec.pod | 8 ++++---- pp_sys.c | 4 ++++ t/op/taint.t | 2 +- 5 files changed, 16 insertions(+), 10 deletions(-) diff --git a/pod/perldelta.pod b/pod/perldelta.pod index 8904889..88655be 100644 --- a/pod/perldelta.pod +++ b/pod/perldelta.pod @@ -206,10 +206,11 @@ will produce different results on platforms that have different $Config{ivsize}. For portability, be sure to mask off the excess bits in the result of unary C<~>, e.g., C<~$x & 0xffffffff>. -=head2 The shell returned by the getpwxxx() is now tainted +=head2 The passwd and shell returned by the getpwxxx() are now tainted -Because the user can affect her own login shell the shell returned -by the getpwent(), getpwnam(), and getpwuid() functions is tainted. +Because the user can affect her own encrypted password and login shell +the password and shell returned by the getpwent(), getpwnam(), and +getpwuid() functions are tainted. =back diff --git a/pod/perlfunc.pod b/pod/perlfunc.pod index 2c55a95..c4c7e3f 100644 --- a/pod/perlfunc.pod +++ b/pod/perlfunc.pod @@ -1863,8 +1863,9 @@ The exact meaning of the $gcos field varies but it usually contains the real name of the user (as opposed to the login name) and other information pertaining to the user. Beware, however, that in many system users are able to change this information and therefore it -cannot be trusted and therefore the $gcos is is tainted (see L). -The $shell, user's login shell, is also tainted, because of the same reason. +cannot be trusted and therefore the $gcos is is tainted (see +L). The $passwd and $shell, user's encrypted password and +login shell, are also tainted, because of the same reason. In scalar context, you get the name, unless the function was a lookup by name, in which case you get the other thing, whatever it is. diff --git a/pod/perlsec.pod b/pod/perlsec.pod index e613165..713a89c 100644 --- a/pod/perlsec.pod +++ b/pod/perlsec.pod @@ -33,10 +33,10 @@ You may not use data derived from outside your program to affect something else outside your program--at least, not by accident. All command line arguments, environment variables, locale information (see L), results of certain system calls (readdir, readlink, -the gecos and shell fields of getpw* calls), and all file input are -marked as "tainted". Tainted data may not be used directly or -indirectly in any command that invokes a sub-shell, nor in any command -that modifies files, directories, or processes. (B: If you pass a list of arguments to either C or C, the elements of that list are B checked for taintedness.) Any variable set to a value derived from tainted data diff --git a/pp_sys.c b/pp_sys.c index 5bbe250..0ec539d 100644 --- a/pp_sys.c +++ b/pp_sys.c @@ -4835,6 +4835,10 @@ PP(pp_gpwent) sv_setpv(sv, pwent->pw_passwd); # endif #endif +#ifndef INCOMPLETE_TAINTS + /* passwd is tainted because user himself can diddle with it. */ + SvTAINTED_on(sv); +#endif PUSHs(sv = sv_mortalcopy(&PL_sv_no)); #if Uid_t_sign <= 0 diff --git a/t/op/taint.t b/t/op/taint.t index 6a5d6b7..883f069 100755 --- a/t/op/taint.t +++ b/t/op/taint.t @@ -547,7 +547,7 @@ else { my @getpwent = getpwent(); die "getpwent: $!\n" unless (@getpwent); test 142,( not tainted $getpwent[0] - and not tainted $getpwent[1] + and tainted $getpwent[1] and not tainted $getpwent[2] and not tainted $getpwent[3] and not tainted $getpwent[4] -- 2.7.4