Subject: Re: pkg/35831: perl should not blindly believe /proc/self/exe
To: None <gnats-bugs@NetBSD.org, pkg-manager@netbsd.org,>
From: Christos Zoulas <christos@zoulas.com>
List: pkgsrc-bugs
Date: 02/24/2007 15:03:49
On Feb 24,  7:20pm, apb@cequrux.com (apb@cequrux.com) wrote:
-- Subject: pkg/35831: perl should not blindly believe /proc/self/exe

| >Number:         35831
| >Category:       pkg
| >Synopsis:       perl should not blindly believe /proc/self/exe
| >Confidential:   no
| >Severity:       serious
| >Priority:       high
| >Responsible:    pkg-manager
| >State:          open
| >Class:          sw-bug
| >Submitter-Id:   net
| >Arrival-Date:   Sat Feb 24 19:20:00 +0000 2007
| >Originator:     Alan Barrett
| >Release:        NetBSD 4.99.12
| >Organization:
| Not much
| >Environment:
| System: NetBSD 4.99.12
| Architecture: i386
| Machine: i386
| >Description:
| perl-5.8.8 (from pkgsrc/lang/perl5) tries to determine at
| configure time whether /proc/self/exe is a symlink to the
| running program.  At run time, it does not adequately sanity
| check the result from readlink("/proc/self/exe").  This
| can lead to perl's $^X variable containing "/" instead of a valid
| path to the perl interpreter.
| 
| >How-To-Repeat:
| 
| $ pkg_info -e perl\*
| perl-5.8.8nb4
| $ type perl
| perl is /usr/pkg/bin/perl
| $ mount | grep procfs
| procfs on /proc type procfs (local)
| $ sudo mount -t null /usr/pkg /mnt
| $ /mnt/bin/perl -e 'print $^X, "\n"' # should print /mnt/bin/perl
| /
| $ sudo umount /mnt
| 
| >Fix:
| 
| Apply the following patch (in addition to the patch that's
| already in pkgsrc/lang/perl5/patches/patch-ah):
| 
| --- perl.c.orig	2006-01-31 12:34:47.000000000 +0000
| +++ perl.c
| @@ -4615,8 +4615,10 @@ S_procself_val(pTHX_ SV *sv, char *arg0)
|         to the executable (or returning an error from the readlink).  Any valid
|         path has a '/' in it somewhere, so use that to validate the result.
|         See http://www.freebsd.org/cgi/query-pr.cgi?pr=35703
| +
| +       NetBSD's implementation sometimes returns "/"; reject that too.
|      */
| -    if (len > 0 && memchr(buf, '/', len)) {
| +    if (len > 1 && memchr(buf, '/', len)) {
|  	sv_setpvn(sv,buf,len);
|      }
|      else {

We can just make the failure case on NetBSD to return empty.

christos