Subject: Re: pkg/35831: perl should not blindly believe /proc/self/exe
To: None <gnats-bugs@NetBSD.org, pkg-manager@netbsd.org,>
From: Christos Zoulas <christos@zoulas.com>
List: pkgsrc-bugs
Date: 02/24/2007 15:03:49
On Feb 24, 7:20pm, apb@cequrux.com (apb@cequrux.com) wrote:
-- Subject: pkg/35831: perl should not blindly believe /proc/self/exe
| >Number: 35831
| >Category: pkg
| >Synopsis: perl should not blindly believe /proc/self/exe
| >Confidential: no
| >Severity: serious
| >Priority: high
| >Responsible: pkg-manager
| >State: open
| >Class: sw-bug
| >Submitter-Id: net
| >Arrival-Date: Sat Feb 24 19:20:00 +0000 2007
| >Originator: Alan Barrett
| >Release: NetBSD 4.99.12
| >Organization:
| Not much
| >Environment:
| System: NetBSD 4.99.12
| Architecture: i386
| Machine: i386
| >Description:
| perl-5.8.8 (from pkgsrc/lang/perl5) tries to determine at
| configure time whether /proc/self/exe is a symlink to the
| running program. At run time, it does not adequately sanity
| check the result from readlink("/proc/self/exe"). This
| can lead to perl's $^X variable containing "/" instead of a valid
| path to the perl interpreter.
|
| >How-To-Repeat:
|
| $ pkg_info -e perl\*
| perl-5.8.8nb4
| $ type perl
| perl is /usr/pkg/bin/perl
| $ mount | grep procfs
| procfs on /proc type procfs (local)
| $ sudo mount -t null /usr/pkg /mnt
| $ /mnt/bin/perl -e 'print $^X, "\n"' # should print /mnt/bin/perl
| /
| $ sudo umount /mnt
|
| >Fix:
|
| Apply the following patch (in addition to the patch that's
| already in pkgsrc/lang/perl5/patches/patch-ah):
|
| --- perl.c.orig 2006-01-31 12:34:47.000000000 +0000
| +++ perl.c
| @@ -4615,8 +4615,10 @@ S_procself_val(pTHX_ SV *sv, char *arg0)
| to the executable (or returning an error from the readlink). Any valid
| path has a '/' in it somewhere, so use that to validate the result.
| See http://www.freebsd.org/cgi/query-pr.cgi?pr=35703
| +
| + NetBSD's implementation sometimes returns "/"; reject that too.
| */
| - if (len > 0 && memchr(buf, '/', len)) {
| + if (len > 1 && memchr(buf, '/', len)) {
| sv_setpvn(sv,buf,len);
| }
| else {
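Review bot: the new condition `len > 1 && memchr(buf, '/', len)` rejects the bare "/" only by its length, and it still accepts any longer buffer that has a '/' anywhere in it, including a relative result. Since the target of /proc/self/exe should be an absolute path, consider testing `buf[0] == '/'` alongside `len > 1` so the intent is explicit in the code. The added comment line also says NetBSD "sometimes" returns "/" without saying when; naming the case from the report (the binary run through a null mount) would help the next reader.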
We can just make the failure case on NetBSD return empty.
christos
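
The check discussed in this thread, as a stand-alone added example (not code from perl, pkgsrc or either poster). It goes beyond the patch by also requiring an absolute path and a regular file; the names `procself_result_ok` and `self_exe`, the buffer size, and the fallback to argv[0] are assumptions made for illustration.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

#define EXE_BUF 4096   /* assumed buffer size for this example */

/* Pure check on the bytes readlink() returned (not NUL-terminated).
 * Accept only an absolute path that is more than the bare root "/". */
static int procself_result_ok(const char *buf, ssize_t len)
{
    if (len <= 1)                         /* error (-1), empty, or "/" alone */
        return 0;
    if (buf[0] != '/')                    /* link target must be absolute */
        return 0;
    if (memchr(buf, '\0', (size_t)len))   /* embedded NUL: not a usable path */
        return 0;
    return 1;
}

/* Hypothetical helper: fill `out` with the interpreter path. Returns 1 when
 * /proc/self/exe gave a usable answer, 0 when it fell back to arg0. */
static int self_exe(char *out, size_t outsz, const char *arg0)
{
    char buf[EXE_BUF];
    struct stat st;
    ssize_t len = readlink("/proc/self/exe", buf, sizeof(buf) - 1);

    if (procself_result_ok(buf, len)) {
        buf[len] = '\0';
        /* The target must exist and be a regular file, not a directory. */
        if (stat(buf, &st) == 0 && S_ISREG(st.st_mode)) {
            snprintf(out, outsz, "%s", buf);
            return 1;
        }
    }
    snprintf(out, outsz, "%s", arg0);     /* procfs answer rejected */
    return 0;
}

int main(int argc, char **argv)
{
    char path[EXE_BUF];
    int from_proc = self_exe(path, sizeof(path), argc > 0 ? argv[0] : "");
    printf("%s (%s)\n", path, from_proc ? "procfs" : "argv[0]");
    return 0;
}
```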