Changing $< Unexpectedly Invoked Taint Mode

[p5pRT]

Migrated from rt.perl.org#69246 (status was 'resolved')

Searchable as RT69246$

[p5pRT]

From imacat@mail.imacat.idv.tw

Created by imacat@mail.imacat.idv.tw

Dear all\,

  Hi. This is imacat from Taiwan. I found that since Perl 5.10.1\, changing $\< (real user id) unexpectedly invoked the taint mode. This is not found in perl5101delta. This breaks existing applications like MRTG\, that they cannot read and use any foreign data anymore if they want to change their UID.

  I have created a sample test case and attached below. Please tell me if you need any more information\, or if I could be of any help. Thank you.

root@​rinse​:\~# cat /tmp/test.pl #! /usr/bin/perl -w print "before chuid​: " . (${^TAINT}? "taint mode\n"​: "not taint mode\n"); $\< = 1; print "after chuid​: " . (${^TAINT}? "taint mode\n"​: "not taint mode\n"); root@​rinse​:\~# /tmp/test.pl before chuid​: not taint mode after chuid​: taint mode root@​rinse​:\~#

Perl Info

``` Flags: category=core severity=medium Site configuration information for perl 5.10.1: Configured by imacat at Mon Sep 7 21:59:32 CST 2009. Summary of my perl5 (revision 5 version 10 subversion 1) configuration: Platform: osname=linux, osvers=2.6.26-2-amd64, archname=x86_64-linux-thread-multi-ld uname='linux rinse 2.6.26-2-amd64 #1 smp wed aug 19 22:33:18 utc 2009 x86_64 gnulinux ' config_args='-s -d -Dprefix=/usr -Dusethreads -Duselongdouble -Doptimize=-O3 -DDEBUGGING=-g -Dd_dosuid -Dotherlibdirs=/usr/lib/perl5:/usr/share/perl5 -Dinc_version_list=none -Duseshrplib=true -Dcf_email=imacat@mail.imacat.idv.tw -Dpager=/usr/bin/sensible-pager' hint=recommended, useposix=true, d_sigaction=define useithreads=define, usemultiplicity=define useperlio=define, d_sfio=undef, uselargefiles=define, usesocks=undef use64bitint=define, use64bitall=define, uselongdouble=define usemymalloc=n, bincompat5005=undef Compiler: cc='cc', ccflags ='-D_REENTRANT -D_GNU_SOURCE -fno-strict-aliasing -pipe -fstack-protector -I/usr/local/include -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64', optimize='-O3 -g', cppflags='-D_REENTRANT -D_GNU_SOURCE -fno-strict-aliasing -pipe -fstack-protector -I/usr/local/include' ccversion='', gccversion='4.3.2', gccosandvers='' intsize=4, longsize=8, ptrsize=8, doublesize=8, byteorder=12345678 d_longlong=define, longlongsize=8, d_longdbl=define, longdblsize=16 ivtype='long', ivsize=8, nvtype='long double', nvsize=16, Off_t='off_t', lseeksize=8 alignbytes=16, prototype=define Linker and Libraries: ld='cc', ldflags =' -fstack-protector -L/usr/local/lib' libpth=/usr/local/lib /lib /usr/lib /lib64 /usr/lib64 libs=-lnsl -lgdbm -ldb -ldl -lm -lcrypt -lutil -lpthread -lc -lgdbm_compat perllibs=-lnsl -ldl -lm -lcrypt -lutil -lpthread -lc libc=/lib/libc-2.7.so, so=so, useshrplib=true, libperl=libperl.so gnulibc_version='2.7' Dynamic Linking: dlsrc=dl_dlopen.xs, dlext=so, d_dlsymun=undef, ccdlflags='-Wl,-E -Wl,-rpath,/usr/lib/perl5/5.10.1/x86_64-linux-thread-multi-ld/CORE' cccdlflags='-fPIC', lddlflags='-shared -O3 -g -L/usr/local/lib -fstack-protector' Locally applied patches: @INC for perl 5.10.1: /home/imacat/lib/perl5 /usr/lib/perl5/5.10.1/x86_64-linux-thread-multi-ld /usr/lib/perl5/5.10.1 /usr/lib/perl5/site_perl/5.10.1/x86_64-linux-thread-multi-ld /usr/lib/perl5/site_perl/5.10.1 /usr/lib/perl5/5.10.1/x86_64-linux-thread-multi-ld /usr/lib/perl5/5.10.1 /usr/lib/perl5 /usr/share/perl5 . Environment for perl 5.10.1: HOME=/home/imacat LANG=zh_TW LANGUAGE=zh_TW LC_ALL=zh_TW LC_COLLATE=zh_TW LC_CTYPE=zh_TW LC_MESSAGES=zh_TW LC_MONETARY=zh_TW LC_NUMERIC=zh_TW LC_TIME=zh_TW LD_LIBRARY_PATH (unset) LOGDIR (unset) PATH=/home/imacat/bin:/bin:/usr/bin:/usr/local/bin PERL5LIB=/home/imacat/lib/perl5 PERL_BADLANG (unset) SHELL=/bin/zsh ```

[p5pRT]

From @obra

Thanks for the report\, imacat. This issue is a duplicate of 67260. I'm resolving this ticket today. That doesn't mean that the bug's invalid\, just that we're already tracking it in another ticket.

Best\, Jesse

[p5pRT]

@obra - Status changed from 'new' to 'resolved'