- this patch from RedHat make suidperl use syslog() to report security

  violations, instead of using /bin/mail which can be (and once was)
  a security problem
  d6446215753eebbbd53812f64b39cdb6  perl-syslog.patch

Changed files:
    perl-syslog.patch -> 1.1

diff --git a/perl-syslog.patch b/perl-syslog.patch
new file mode 100644 (file)
index 0000000..0ca9c4b
--- /dev/null
+++ b/perl-syslog.patch
@@ -0,0 +1,37 @@
+--- perl/perl.c.syslog Sat Mar 27 12:49:17 1999
++++ perl/perl.c        Mon Aug  7 11:01:24 2000
+@@ -20,6 +20,9 @@
+ #include <unistd.h>
+ #endif
+ 
++#include <syslog.h>
++#define I_SYSLOG
++
+ #if !defined(STANDARD_C) && !defined(HAS_GETENV_PROTOTYPE)
+ char *getenv _((char *)); /* Usually in <stdlib.h> */
+ #endif
+@@ -2220,6 +2223,16 @@
+           if (tmpstatbuf.st_dev != PL_statbuf.st_dev ||
+               tmpstatbuf.st_ino != PL_statbuf.st_ino) {
+               (void)PerlIO_close(PL_rsfp);
++#ifdef I_SYSLOG
++              openlog("suidperl", LOG_CONS | LOG_PID | LOG_NDELAY, LOG_AUTHPRIV);
++              syslog(LOG_ALERT, "User %ld tried to run dev %ld ino %ld in "
++                     "place of dev %ld ino %ld!", PL_uid,
++                     (long)tmpstatbuf.st_dev, (long)tmpstatbuf.st_ino,
++                     (long)PL_statbuf.st_dev, (long)PL_statbuf.st_ino);
++              syslog(LOG_ALERT, "Filename of setuid script was %s, uid %ld"
++                     " gid %ld.", SvPVX(GvSV(PL_curcop->cop_filegv)),
++                     PL_statbuf.st_uid, PL_statbuf.st_gid);
++#else
+               if (PL_rsfp = PerlProc_popen("/bin/mail root","w")) {   /* heh, heh */
+                   PerlIO_printf(PL_rsfp,
+ "User %ld tried to run dev %ld ino %ld in place of dev %ld ino %ld!\n\
+@@ -2230,6 +2243,7 @@
+                       (long)PL_statbuf.st_uid, (long)PL_statbuf.st_gid);
+                   (void)PerlProc_pclose(PL_rsfp);
+               }
++#endif
+               croak("Permission denied\n");
+           }
+           if (