Subject: Re: pkg/35831: perl should not blindly believe /proc/self/exe
To: None <pkg-manager@netbsd.org, gnats-admin@netbsd.org,>
From: Christos Zoulas <christos@zoulas.com>
List: pkgsrc-bugs
Date: 02/24/2007 20:05:04
The following reply was made to PR pkg/35831; it has been noted by GNATS.

From: christos@zoulas.com (Christos Zoulas)
To: gnats-bugs@NetBSD.org, pkg-manager@netbsd.org,
	gnats-admin@netbsd.org, pkgsrc-bugs@netbsd.org
Cc: 
Subject: Re: pkg/35831: perl should not blindly believe /proc/self/exe
Date: Sat, 24 Feb 2007 15:03:49 -0500

 On Feb 24,  7:20pm, apb@cequrux.com (apb@cequrux.com) wrote:
 -- Subject: pkg/35831: perl should not blindly believe /proc/self/exe
 
 | >Number:         35831
 | >Category:       pkg
 | >Synopsis:       perl should not blindly believe /proc/self/exe
 | >Confidential:   no
 | >Severity:       serious
 | >Priority:       high
 | >Responsible:    pkg-manager
 | >State:          open
 | >Class:          sw-bug
 | >Submitter-Id:   net
 | >Arrival-Date:   Sat Feb 24 19:20:00 +0000 2007
 | >Originator:     Alan Barrett
 | >Release:        NetBSD 4.99.12
 | >Organization:
 | Not much
 | >Environment:
 | System: NetBSD 4.99.12
 | Architecture: i386
 | Machine: i386
 | >Description:
 | perl-5.8.8 (from pkgsrc/lang/perl5) tries to determine at
 | configure time whether /proc/self/exe is a symlink to the
 | running program.  At run time, it does not adequately sanity
 | check the result from readlink("/proc/self/exe").  This
 | can lead to perl's $^X variable containing "/" instead of a valid
 | path to the perl interpreter.
 | 
 | >How-To-Repeat:
 | 
 | $ pkg_info -e perl\*
 | perl-5.8.8nb4
 | $ type perl
 | perl is /usr/pkg/bin/perl
 | $ mount | grep procfs
 | procfs on /proc type procfs (local)
 | $ sudo mount -t null /usr/pkg /mnt
 | $ /mnt/bin/perl -e 'print $^X, "\n"' # should print /mnt/bin/perl
 | /
 | $ sudo umount /mnt
 | 
 | >Fix:
 | 
 | Apply the following patch (in addition to the patch that's
 | already in pkgsrc/lang/perl5/patches/patch-ah):
 | 
 | --- perl.c.orig	2006-01-31 12:34:47.000000000 +0000
 | +++ perl.c
 | @@ -4615,8 +4615,10 @@ S_procself_val(pTHX_ SV *sv, char *arg0)
 |         to the executable (or returning an error from the readlink).  Any valid
 |         path has a '/' in it somewhere, so use that to validate the result.
 |         See http://www.freebsd.org/cgi/query-pr.cgi?pr=35703
 | +
 | +       NetBSD's implementation sometimes returns "/"; reject that too.
 |      */
 | -    if (len > 0 && memchr(buf, '/', len)) {
 | +    if (len > 1 && memchr(buf, '/', len)) {
 |  	sv_setpvn(sv,buf,len);
 |      }
 |      else {
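 
 Review bot: The new test `len > 1 && memchr(buf, '/', len)` in S_procself_val rejects only the one-byte result; any longer string that merely contains a '/' is still copied into sv, so a result that is not an absolute path would pass. Consider also requiring `buf[0] == '/'`, and extend the added comment to say when NetBSD returns "/" (the How-To-Repeat above shows it for a binary run through a null mount), so the reason for `len > 1` stays clear to the next reader.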
 
 We can just make the failure case on NetBSD return empty.
 
 christos
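
 The check discussed in this thread, generalized as an added example (not part of the original message, the PR, or perl's source): validate the readlink() result before trusting it, and fall back to argv[0] otherwise. The helper names self_exe_plausible and self_exe_path are hypothetical, and the regular-file test is an extra assumption beyond the patch above.

```c
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper: 1 if buf[0..len) looks like a usable absolute path. */
static int self_exe_plausible(const char *buf, ssize_t len, size_t bufsz)
{
    if (len <= 1)                 /* readlink error (-1), empty, or bare "/" */
        return 0;
    if ((size_t)len >= bufsz)     /* result may be truncated; no room for NUL */
        return 0;
    if (buf[0] != '/')            /* must be absolute, not just contain '/' */
        return 0;
    if (memchr(buf, '\0', (size_t)len) != NULL)  /* embedded NUL byte */
        return 0;
    return 1;
}

/* Hypothetical helper: writes the interpreter path into out (outsz > 0).
   Returns 1 if the procfs link was trusted, 0 if arg0 was used instead. */
static int self_exe_path(const char *link, const char *arg0,
                         char *out, size_t outsz)
{
    struct stat st;
    ssize_t len = readlink(link, out, outsz);  /* does not NUL-terminate */

    if (self_exe_plausible(out, len, outsz)) {
        out[len] = '\0';
        /* The target must exist and be a regular file, not a directory. */
        if (stat(out, &st) == 0 && S_ISREG(st.st_mode))
            return 1;
    }
    snprintf(out, outsz, "%s", arg0);          /* fall back to argv[0] */
    return 0;
}

int main(int argc, char **argv)
{
    char path[1024];
    int trusted = self_exe_path("/proc/self/exe", argc > 0 ? argv[0] : "",
                                path, sizeof path);
    printf("%s (%s)\n", path, trusted ? "procfs" : "argv[0]");
    return 0;
}
```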