Subject: pkg/35831: perl should not blindly believe /proc/self/exe
To: None <,,>
From: None <>
List: pkgsrc-bugs
Date: 02/24/2007 19:20:00
>Number:         35831
>Category:       pkg
>Synopsis:       perl should not blindly believe /proc/self/exe
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    pkg-manager
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Sat Feb 24 19:20:00 +0000 2007
>Originator:     Alan Barrett
>Release:        NetBSD 4.99.12
Not much
System: NetBSD 4.99.12
Architecture: i386
Machine: i386
perl-5.8.8 (from pkgsrc/lang/perl5) tries to determine at
configure time whether /proc/self/exe is a symlink to the
running program.  At run time, it does not adequately sanity
check the result from readlink("/proc/self/exe").  This
can lead to perl's $^X variable containing "/" instead of a valid
path to the perl interpreter.


$ pkg_info -e perl\*
$ type perl
perl is /usr/pkg/bin/perl
$ mount | grep procfs
procfs on /proc type procfs (local)
$ sudo mount -t null /usr/pkg /mnt
$ /mnt/bin/perl -e 'print $^X, "\n"' # should print /mnt/bin/perl
$ sudo umount /mnt


Apply the following patch (in addition to the patch that's
already in pkgsrc/lang/perl5/patches/patch-ah):

--- perl.c.orig	2006-01-31 12:34:47.000000000 +0000
+++ perl.c
@@ -4615,8 +4615,10 @@ S_procself_val(pTHX_ SV *sv, char *arg0)
        to the executable (or returning an error from the readlink).  Any valid
        path has a '/' in it somewhere, so use that to validate the result.
+       NetBSD's implementation sometimes returns "/"; reject that too.
-    if (len > 0 && memchr(buf, '/', len)) {
+    if (len > 1 && memchr(buf, '/', len)) {
     else {