From owner-cvs-all Thu Aug 22 17:52: 2 2002 Delivered-To: cvs-all@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 6AD6337B400; Thu, 22 Aug 2002 17:51:58 -0700 (PDT) Received: from dilbert.robbins.dropbear.id.au (119.c.010.mel.iprimus.net.au [210.50.202.119]) by mx1.FreeBSD.org (Postfix) with ESMTP id BE6CD43E6E; Thu, 22 Aug 2002 17:51:55 -0700 (PDT) (envelope-from tim@robbins.dropbear.id.au) Received: from dilbert.robbins.dropbear.id.au (0qekx6xv92vcb2eb@localhost [127.0.0.1]) by dilbert.robbins.dropbear.id.au (8.12.3/8.12.3) with ESMTP id g7N0pfEa026328; Fri, 23 Aug 2002 10:51:42 +1000 (EST) (envelope-from tim@dilbert.robbins.dropbear.id.au) Received: (from tim@localhost) by dilbert.robbins.dropbear.id.au (8.12.3/8.12.3/Submit) id g7N0peSs026327; Fri, 23 Aug 2002 10:51:40 +1000 (EST) Date: Fri, 23 Aug 2002 10:51:40 +1000 From: Tim Robbins To: Mark Murray Cc: cvs-all@freebsd.org, cvs-committers@freebsd.org Subject: Re: cvs commit: src/usr.bin/perl pathnames.h perl.c Message-ID: <20020823105140.A24997@dilbert.robbins.dropbear.id.au> References: <20020822112151.A17650@uriah.heep.sax.de> <200208221039.g7MAduQg056353@grimreaper.grondar.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5.1i In-Reply-To: <200208221039.g7MAduQg056353@grimreaper.grondar.org>; from mark@grondar.za on Thu, Aug 22, 2002 at 11:39:56AM +0100 Sender: owner-cvs-all@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG On Thu, Aug 22, 2002 at 11:39:56AM +0100, Mark Murray wrote: > > Anyway, upon seeing the current /usr/bin/perl, i thought it to > > be a Good Idea. Since virtually all Unix-like operating systems > > these days (with FreeBSD being the exception now) ship Perl as > > /usr/bin/perl, it makes the script well portable to have a > > redirector there. We've got so many other redirectors (MTA, > > binutils -> ELF/COFF etc.), why not keep /usr/bin/perl as well? > > My (not very strong) objection to this is that it is too specific. It's way too specific, difficult to get right when perl isn't in the PATH or when PATH is untrusted and `tricks' some programs into thinking perl is installed when it is not (editors/vim port, for example). I think the perl wrapper should be treated as if it were suid, and more attention paid to its security and correctness. Using strcmp() to check whether two pathnames refer to the same file, for example, is not very careful, and leads to infinite execve() loops when files have multiple links. Tim To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe cvs-all" in the body of the message