- major sperl (suidperl) vulnerability, CAN-2005-0155

Changed files:
    perl_586-sperl-CAN-2005-0155.patch -> 1.1

diff --git a/perl_586-sperl-CAN-2005-0155.patch b/perl_586-sperl-CAN-2005-0155.patch
new file mode 100644 (file)
index 0000000..8b8b49b
--- /dev/null
+++ b/perl_586-sperl-CAN-2005-0155.patch
@@ -0,0 +1,22 @@
+Index: perlio.c
+===================================================================
+--- perlio.c   (revision 4342)
++++ perlio.c   (revision 4346)
+@@ -454,7 +454,7 @@
+     va_list ap;
+     dSYS;
+     va_start(ap, fmt);
+-    if (!dbg) {
++    if (!dbg && !PL_tainting && PL_uid == PL_euid && PL_gid == PL_egid) {
+       char *s = PerlEnv_getenv("PERLIO_DEBUG");
+       if (s && *s)
+           dbg = PerlLIO_open3(s, O_WRONLY | O_CREAT | O_APPEND, 0666);
+@@ -471,7 +471,7 @@
+       s = CopFILE(PL_curcop);
+       if (!s)
+           s = "(none)";
+-      sprintf(buffer, "%s:%" IVdf " ", s, (IV) CopLINE(PL_curcop));
++      sprintf(buffer, "%.40s:%" IVdf " ", s, (IV) CopLINE(PL_curcop));
+       len = strlen(buffer);
+       vsprintf(buffer+len, fmt, ap);
+       PerlLIO_write(dbg, buffer, strlen(buffer));