Commit Graph

60 Commits

Author SHA1 Message Date
Joerg Wunsch
c6850a7698 Sigh, there's always one more buffer overflow. :-(
This one hinted to by the recently posted exploit (although not exploited by
it).
1997-09-16 08:33:52 +00:00
John-Mark Gurney
46657c7e77 fix a few spelling changes
Submitted by: Josh Gilliam

Closes PR's: 4429, 4431-4438

PS: He has agreed to submit all contrib fixes back to the original author.
1997-08-30 12:22:49 +00:00
Joerg Wunsch
bc151cdc8c Major Ooops. I've overlooked a few calls to scanident() in my last commit.
Submitted by:	rbezuide@oskar.nanoteq.co.za (Reinier Bezuidenhout)
1997-08-27 17:18:30 +00:00
Joerg Wunsch
66457fe332 Fix a buffer overflow condition (that causes a security hole in suidperl).
Closes: CERT Advisory CA-97.17 - Vulnerability in suidperl
Obtained from: (partly) the fix in CA-97.17
1997-08-08 20:53:59 +00:00
Warner Losh
628c89d341 Fix buffer overload that might lead to root. 1997-05-22 21:40:08 +00:00
Joerg Wunsch
1365d7de03 Plug an old security hole: suidperl didn't honor MNT_NOSUID.
Strong 2.2 and 2.1.x candidate.  Someone should review the patch before,
however.

The maintainer of the Perl5 port should probably introduce a similar patch
there.
1997-03-01 12:58:49 +00:00
Peter Wemm
fce15c9ab3 Revert $FreeBSD$ to $Id$ 1997-02-22 15:48:31 +00:00
Jordan K. Hubbard
1130b656e5 Make the long-awaited change from $Id$ to $FreeBSD$
This will make a number of things easier in the future, as well as (finally!)
avoiding the Id-smashing problem which has plagued developers for so long.

Boy, I'm glad we're not using sup anymore.  This update would have been
insane otherwise.
1997-01-14 07:20:47 +00:00
Jordan K. Hubbard
1e97817fad Remove bogus redeclaration of setenv().
Fixes make world failure #3 for today (part of an ongoing series).
1997-01-07 06:26:19 +00:00
Poul-Henning Kamp
328f21ee08 Remove a couple of private malloc() implementations, one of which
was unused afterall.
1996-12-23 20:21:35 +00:00
Andrey A. Chernov
efca252ab2 Disable seteuid/setegid back, I overlook one place where
SETEUID chacked before SETREUID
1996-12-07 00:16:04 +00:00
Andrey A. Chernov
f7b6171d98 Enable seteuid, setegid 1996-12-06 22:59:56 +00:00
Nate Williams
e744d38673 Added support for '-T' and '-B' (text and binary) file recognition by
peeking inside of Chris Torek's stdio library internals.  This is
similar to the code used for other systems, but didn't work on CT's new
implementation.

Submitted by:	Gary Kline <kline@tera.com>
1996-12-03 21:56:15 +00:00
Wolfram Schneider
e83201b43a delete doubled words, e.g.: "the the" -> "the" 1996-10-05 22:27:30 +00:00
Paul Traina
cfa804d6ba Grab h2ph from /usr/bin, not /usr/local/bin! 1996-09-17 01:14:18 +00:00
Joerg Wunsch
6d41a714b2 Back out Nate's changes from rev. 1.6; our Perl has not been
vulnerable since it used setreuid() as opposed to Posix saved IDs.
The change broke setuid scripts.
1996-06-30 09:47:56 +00:00
Nate Williams
11b7f01b8f Fix for " CERT Advisory CA-96.12 - Vulnerability in suidperl"
Submitted by:	The Perl Gods as described in the advisory
1996-06-26 19:12:25 +00:00
Jordan K. Hubbard
cd9a2f5c28 Bring in my changes for removing the pestilent obj links (unless you
really want them) from /usr/src.  This is the final version of the
patches, incorporating the feedback I've received from -current.
1996-06-24 04:26:21 +00:00
Gary Palmer
b9d38b0c2f Use setreuid instead of seteuid for permissions management 1996-06-02 19:59:26 +00:00
Joerg Wunsch
8aa07454ea Several changes to the gethostname module:
. rename the function to main'gethostname, so it can be called unqualified,
. strip the trailing \0 character, closes PR # bin/1084,
. a better way to express an insane long string.

Submitted by:	Giles Lean <giles@topaz.nemeton.com.au> (except the 1st)
1996-03-18 21:42:31 +00:00
Joerg Wunsch
20ef00ec9c Add a small `gethostname' package. It uses __sysctl(2), and thus
avoids the kludgy backquotes that are required by now (`hostname`).

Usage:

require "gethostname.pl";
$thishost = &gethostname'gethostname;
1996-02-13 13:17:49 +00:00
Peter Wemm
a5b996a7ec recording cvs-1.6 file death 1995-12-30 19:02:48 +00:00
Bruce Evans
9c0dc173cc Change install' to ${INSTALL}' so that default install flags can be
specified in the top level Makefiles.
1995-07-25 00:37:58 +00:00
Rodney W. Grimes
4399be3cbd Remove trailing whitespace. 1995-05-30 05:05:38 +00:00
Andrey A. Chernov
f7cdf1f7ad Add link to sperl4.036, needed for suid scripts and pgms
which use sperl$]
1995-05-28 19:40:18 +00:00
Andrey A. Chernov
5a630b07ee Make link to tperl4.036, needed for suid scripts and other stuff
which use tperl$]
1995-05-28 19:38:59 +00:00
Andrey A. Chernov
4b7250c3f9 Fix $] variable value (version number), close PR 449
Submitted by: Bill Fenner <fenner@parc.xerox.com>
1995-05-28 19:21:54 +00:00
Andrey A. Chernov
4843859879 Remove setr* hacks 1995-04-27 19:56:37 +00:00
Bruce Evans
15519b2f58 Fix compiler warnings: don't declare enum types as static. 1995-04-02 13:11:14 +00:00
Andrey A. Chernov
4b99bfd375 Comment out all perverted curses optimization 1995-03-26 03:01:04 +00:00
Andrey A. Chernov
4b0ef7df4c Change wrong -ltermcap -ltermlib picked up to -lmytinfo 1995-03-26 02:41:45 +00:00
Jordan K. Hubbard
91f88b9615 Get PERL found in any of its obvious locations. 1995-03-25 17:14:11 +00:00
Bruce Evans
efeca6c1f3 Don't attempt to fix the mode of mus - mus might be read-only. Just
interpret it.  I've preserved the bugs that perl must be installed
to build part of perl and that it must be installed in the wrong place
(no ${DESTDIR}).
1995-03-25 15:43:57 +00:00
Jordan K. Hubbard
d8274511ca If mus script not executable, fix. 1995-03-24 19:22:33 +00:00
Jordan K. Hubbard
97d6478890 Adjust include paths. 1995-03-24 05:56:41 +00:00
Jordan K. Hubbard
80926682fd Bring back perl/usub as usub/, this time containing an updated curseperl
which is also installed by default (the reason for which should also be
plain shortly).
1995-03-24 04:33:54 +00:00
Rodney W. Grimes
a533e22a54 Export ${DESTDIR} to h2ph so that the *.ph files end up in the DESTDIR
directories instead of /usr/share/perl.
1995-02-14 21:47:04 +00:00
Ugen J.S. Antsilevich
a351d38006 Fix to h2ph "undefined function" bug
i reported today earlier..tested and works OK..
( To those who want to experience bug try running aub
with old version of socket.ph and with new one or just any
perl script  "requiring " <sys/socket.ph> or <sys/cdefs.ph> )
1995-02-03 15:16:03 +00:00
Jordan K. Hubbard
d15b7357a8 Install suidperl suid root.
Submitted by:	Jean-Marc Zucconi <jmz@cabri.obs-besancon.fr>
1995-01-14 03:31:27 +00:00
Joerg Wunsch
2563fac568 I think someone has already talk about it but I just got bitten again :
perl setuid scripts don't work in 2.1-current for the same reason they were
not working in 1.1.5.1.

Perl 5 has the same "problem" of course.

We have almost POSIX saved uids but  we must undefine the following symbols
in order to get setuid perl scripts :

Submitted by:	roberto@blaise.ibp.fr (Ollivier Robert)
1995-01-09 17:52:25 +00:00
Rodney W. Grimes
8546c86b55 Add usr/share/perl/sys to mtree file, remove private mkdir from Makefile. 1995-01-03 02:57:53 +00:00
Rodney W. Grimes
1f2cdfec28 Add missing ${DESTDIR} so that the library ends up in a release.
Remove mkdir -p, this is handled by make hierarchy.
Add NOOBJ= to override obj: target, and remove local obj: target.
1995-01-01 20:30:56 +00:00
Bruce Evans
47bcf800c3 Fix previous commit. Installing links to manpages without installing
manpages is not completely trivial.

Please don't commit untested changes.
1995-01-01 17:21:09 +00:00
Bruce Evans
2e8e965294 Fix previous commit. 1995-01-01 17:14:45 +00:00
Gary Clark II
b6490eb503 Add mlinks for man page
Reviewed by:
Submitted by:
Obtained from:
1994-12-31 21:10:46 +00:00
Andreas Schulz
a7f24f529c Add the files y.tab.h and a2p.c that get automatically generated to
the CLEANFILES target. Remove the file a2p.c from the source tree, this get
generated anew from a2p.y.
1994-11-28 18:30:44 +00:00
Jordan K. Hubbard
d76158cc6e From: "Jonathan M. Bresler" <jmb@kryten.Atinc.COM>
in getting mirror-2.3 to work with FreeBSD, i found that timelocal.pl has
a bug.  a patch is included below.  this needs to be applied to both
src/gnu/usr.bin/perl/lib/timelocal.pl and
src/usr.sbin/xntpd/scripts/monitoring/timelocal.pl

Submitted by:	jmb
1994-11-18 02:24:06 +00:00
Gary Clark II
e4aaba56f5 Correct my hosing...:( 1994-11-03 23:50:43 +00:00
Gary Clark II
15aafd644b Change libs to install in /usr/lib/perl 1994-11-03 20:07:46 +00:00
Gary Clark II
05fd6621b0 Change libs to /usr/lib/perl
Reviewed by:
Submitted by:
Obtained from:
1994-11-03 20:03:53 +00:00