… | |
… | |
51 | #if (defined(HAVE_SETEUID) || defined(HAVE_SETREUID)) && !defined(__CYGWIN32__) |
51 | #if (defined(HAVE_SETEUID) || defined(HAVE_SETREUID)) && !defined(__CYGWIN32__) |
52 | static uid_t saved_euid; |
52 | static uid_t saved_euid; |
53 | static gid_t saved_egid; |
53 | static gid_t saved_egid; |
54 | #endif |
54 | #endif |
55 | |
55 | |
|
|
56 | bool |
|
|
57 | rxvt_tainted () |
|
|
58 | { |
|
|
59 | #if (defined(HAVE_SETEUID) || defined(HAVE_SETREUID)) && !defined(__CYGWIN32__) |
|
|
60 | return getuid () != saved_euid || getgid () != saved_egid; |
|
|
61 | #else |
|
|
62 | return false; |
|
|
63 | #endif |
|
|
64 | } |
|
|
65 | |
56 | vector<rxvt_term *> rxvt_term::termlist; |
66 | vector<rxvt_term *> rxvt_term::termlist; |
57 | |
67 | |
58 | static char curlocale[128], savelocale[128]; |
68 | static char curlocale[128], savelocale[128]; |
59 | |
69 | |
60 | bool |
70 | bool |
… | |
… | |
66 | strncpy (curlocale, locale, 128); |
76 | strncpy (curlocale, locale, 128); |
67 | setlocale (LC_CTYPE, curlocale); |
77 | setlocale (LC_CTYPE, curlocale); |
68 | return true; |
78 | return true; |
69 | } |
79 | } |
70 | |
80 | |
71 | bool |
81 | void |
72 | rxvt_push_locale (const char *locale) |
82 | rxvt_push_locale (const char *locale) |
73 | { |
83 | { |
74 | strcpy (savelocale, curlocale); |
84 | strcpy (savelocale, curlocale); |
75 | rxvt_set_locale (locale); |
85 | rxvt_set_locale (locale); |
76 | } |
86 | } |
… | |
… | |
502 | |
512 | |
503 | if ((rs[Rs_perl_ext_1] && *rs[Rs_perl_ext_1]) |
513 | if ((rs[Rs_perl_ext_1] && *rs[Rs_perl_ext_1]) |
504 | || (rs[Rs_perl_ext_2] && *rs[Rs_perl_ext_2]) |
514 | || (rs[Rs_perl_ext_2] && *rs[Rs_perl_ext_2]) |
505 | || (rs[Rs_perl_eval] && *rs[Rs_perl_eval])) |
515 | || (rs[Rs_perl_eval] && *rs[Rs_perl_eval])) |
506 | { |
516 | { |
507 | bool tainted = false; |
|
|
508 | |
|
|
509 | #if (defined(HAVE_SETEUID) || defined(HAVE_SETREUID)) && !defined(__CYGWIN32__) |
517 | #if (defined(HAVE_SETEUID) || defined(HAVE_SETREUID)) && !defined(__CYGWIN32__) |
510 | // ignore some perl-related arguments if some bozo installed us set[ug]id |
518 | // ignore some perl-related arguments if some bozo installed us set[ug]id |
511 | if (getuid () != saved_euid || getgid () != saved_egid) |
519 | if (rxvt_tainted ()) |
512 | { |
520 | { |
513 | tainted = true; |
|
|
514 | |
|
|
515 | if ((rs[Rs_perl_lib] && *rs[Rs_perl_lib]) |
521 | if ((rs[Rs_perl_lib] && *rs[Rs_perl_lib]) |
516 | || (rs[Rs_perl_eval] && *rs[Rs_perl_eval])) |
522 | || (rs[Rs_perl_eval] && *rs[Rs_perl_eval])) |
517 | { |
523 | { |
518 | rxvt_warn ("running with elevated privileges: ignoring perl-lib and perl-eval.\n"); |
524 | rxvt_warn ("running with elevated privileges: ignoring perl-lib and perl-eval.\n"); |
519 | rs[Rs_perl_lib] = 0; |
525 | rs[Rs_perl_lib] = 0; |
520 | rs[Rs_perl_eval] = "our $tainted = 1"; |
526 | rs[Rs_perl_eval] = 0; |
521 | } |
527 | } |
522 | } |
528 | } |
523 | #endif |
529 | #endif |
524 | rxvt_perl.init (tainted); |
530 | rxvt_perl.init (); |
525 | HOOK_INVOKE ((this, HOOK_INIT, DT_END)); |
531 | HOOK_INVOKE ((this, HOOK_INIT, DT_END)); |
526 | } |
532 | } |
527 | #endif |
533 | #endif |
528 | |
534 | |
529 | create_windows (argc, argv); |
535 | create_windows (argc, argv); |