From aeb35d7ec6be1858b1cd7b67c36aa642de18d481 Mon Sep 17 00:00:00 2001 From: root Date: Tue, 17 Jan 2006 16:22:41 +0000 Subject: [PATCH] *** empty log message *** --- Changes | 6 +++ README.FAQ | 33 ++++++------ README.configure | 4 -- doc/rxvt.7.html | 33 +++++------- doc/rxvt.7.man.in | 36 ++++++------- doc/rxvt.7.pod | 30 +++++------ doc/rxvt.7.txt | 37 ++++++-------- doc/rxvtperl.3.html | 37 ++++++++++---- doc/rxvtperl.3.man.in | 31 ++++++++--- doc/rxvtperl.3.txt | 23 ++++++--- src/main.C | 88 -------------------------------- src/perl/mark-urls | 2 +- src/perl/selection | 6 +-- src/perl/selection-autotransform | 7 +-- src/perl/selection-popup | 6 +-- src/rxvtlib.h.in | 1 - src/rxvtperl.xs | 56 ++++---------------- src/urxvt.pm | 8 +-- 18 files changed, 164 insertions(+), 280 deletions(-) diff --git a/Changes b/Changes index c7ed78cc..8dae42d0 100644 --- a/Changes +++ b/Changes @@ -13,6 +13,12 @@ WISH: just for fun, do shade and tint with XRender. WISH: support tex fonts 9.0 + - improved security of setuid/setgid operation, which is now + encouraged, by moving privileged operations into a separate + process and permanently dropping privileges within the + terminal. This makes it possible to remove security checks from + the perl code and gives a much safer feeling when urxvt needs to + run with special privileges. - implemented perl:selection:remote-pastebin command in perl/selection - use the scrollback buffer even when the scroll region doesn't span the whole screen, as long as it starts at row 0. diff --git a/README.FAQ b/README.FAQ index 7622ccc2..fa901b14 100644 --- a/README.FAQ +++ b/README.FAQ 
@@ -167,24 +167,21 @@ FREQUENTLY ASKED QUESTIONS I need to make it setuid/setgid to support utmp/ptys on my OS, is this safe? - Likely not. While I honestly try to make it secure, and am probably - not bad at it, I think it is simply unreasonable to expect all of - freetype + fontconfig + xft + xlib + perl + ... + rxvt-unicode - itself to all be secure. Also, rxvt-unicode disables some options - when it detects that it runs setuid or setgid, which is not nice. - Besides, with the embedded perl interpreter the possibility for - security problems easily multiplies. - - Elevated privileges are only required for utmp and pty operations on - some systems (for example, GNU/Linux doesn't need any extra - privileges for ptys, but some need it for utmp support). It is - planned to mvoe this into a forked handler process, but this is not - yet done. - - So, while setuid/setgid operation is supported and not a problem on - your typical single-user-no-other-logins unix desktop, always - remember that its an awful lot of code, most of which isn't checked - for security issues regularly. + It should be, starting with release 7.1. You are encouraged to + properly install urxvt with privileges necessary for your OS now. + + When rxvt-unicode detects that it runs setuid or setgid, it will + fork into a helper process for privileged operations (pty handling + on some systems, utmp/wtmp/lastlog handling on others) and drop + privileges immediately. This is much safer than most other terminals + that keep privileges while running (but is more relevant to urxvt, + as it contains things as perl interpreters, which might be "helpful" + to attackers). + + This forking is done as the very first within main(), which is very + early and reduces possible bugs to initialisation code run before + main(), or things like the dynamic loader of your system, which + should result in very little risk. When I log-in to another system it tells me about missing terminfo data? 
The terminal description used by rxvt-unicode is not as widely diff --git a/README.configure b/README.configure index a6dadd9e..64c53736 100644 --- a/README.configure +++ b/README.configure @@ -135,10 +135,6 @@ CONFIGURE OPTIONS the favourite of the rxvt-unicode author, having used it for many years. - --enable-half-shadow (default: off) - Make shadows on the scrollbar only half the normal width & height. - only applicable to rxvt scrollbars. - --enable-ttygid (default: off) Change tty device setting to group "tty" - only use this if your system uses this type of security. diff --git a/doc/rxvt.7.html b/doc/rxvt.7.html index a1464c72..c7c3b127 100644 --- a/doc/rxvt.7.html +++ b/doc/rxvt.7.html @@ -283,24 +283,22 @@ encodings built-in that increase download times and are rarely used).

I need to make it setuid/setgid to support utmp/ptys on my OS, is this safe?
-Likely not. While I honestly try to make it secure, and am probably not -bad at it, I think it is simply unreasonable to expect all of freetype -+ fontconfig + xft + xlib + perl + ... + rxvt-unicode itself to all be -secure. Also, rxvt-unicode disables some options when it detects that it -runs setuid or setgid, which is not nice. Besides, with the embedded perl -interpreter the possibility for security problems easily multiplies. +It should be, starting with release 7.1. You are encouraged to properly +install urxvt with privileges necessary for your OS now.
-

Elevated privileges are only required for utmp and pty operations on some -systems (for example, GNU/Linux doesn't need any extra privileges for -ptys, but some need it for utmp support). It is planned to mvoe this into -a forked handler process, but this is not yet done.

+

When rxvt-unicode detects that it runs setuid or setgid, it will fork +into a helper process for privileged operations (pty handling on some +systems, utmp/wtmp/lastlog handling on others) and drop privileges +immediately. This is much safer than most other terminals that keep +privileges while running (but is more relevant to urxvt, as it contains +things as perl interpreters, which might be ``helpful'' to attackers).

-

So, while setuid/setgid operation is supported and not a problem on your -typical single-user-no-other-logins unix desktop, always remember that -its an awful lot of code, most of which isn't checked for security issues -regularly.

+

This forking is done as the very first within main(), which is very early +and reduces possible bugs to initialisation code run before main(), or +things like the dynamic loader of your system, which should result in very +little risk.

When I log-in to another system it tells me about missing terminfo data?
@@ -2362,13 +2360,6 @@ is the favourite of the rxvt-unicode author, having used it for many years.

-
--enable-half-shadow (default: off)
-
-
-Make shadows on the scrollbar only half the normal width & height. -only applicable to rxvt scrollbars. -
-

--enable-ttygid (default: off)
diff --git a/doc/rxvt.7.man.in b/doc/rxvt.7.man.in index 4721ad3d..d563d136 100644 --- a/doc/rxvt.7.man.in +++ b/doc/rxvt.7.man.in @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "rxvt 7" -.TH rxvt 7 "2006-01-16" "7.0" "RXVT-UNICODE" +.TH rxvt 7 "2006-01-17" "7.1" "RXVT-UNICODE" .SH "NAME" RXVT REFERENCE \- FAQ, command sequences and other background information .SH "SYNOPSIS" 
@@ -334,22 +334,20 @@ one with \f(CW\*(C`\-\-disable\-everything\*(C'\fR (very useful) and a maximal o encodings built-in that increase download times and are rarely used). .IP "I need to make it setuid/setgid to support utmp/ptys on my \s-1OS\s0, is this safe?" 4 .IX Item "I need to make it setuid/setgid to support utmp/ptys on my OS, is this safe?" -Likely not. While I honestly try to make it secure, and am probably not -bad at it, I think it is simply unreasonable to expect all of freetype -+ fontconfig + xft + xlib + perl + ... + rxvt-unicode itself to all be -secure. Also, rxvt-unicode disables some options when it detects that it -runs setuid or setgid, which is not nice. Besides, with the embedded perl -interpreter the possibility for security problems easily multiplies. -.Sp -Elevated privileges are only required for utmp and pty operations on some -systems (for example, GNU/Linux doesn't need any extra privileges for -ptys, but some need it for utmp support). It is planned to mvoe this into -a forked handler process, but this is not yet done. -.Sp -So, while setuid/setgid operation is supported and not a problem on your -typical single-user-no-other-logins unix desktop, always remember that -its an awful lot of code, most of which isn't checked for security issues -regularly. +It should be, starting with release 7.1. You are encouraged to properly +install urxvt with privileges necessary for your \s-1OS\s0 now. +.Sp +When rxvt-unicode detects that it runs setuid or setgid, it will fork +into a helper process for privileged operations (pty handling on some +systems, utmp/wtmp/lastlog handling on others) and drop privileges +immediately. This is much safer than most other terminals that keep +privileges while running (but is more relevant to urxvt, as it contains +things as perl interpreters, which might be \*(L"helpful\*(R" to attackers). 
+.Sp +This forking is done as the very first within \fImain()\fR, which is very early +and reduces possible bugs to initialisation code run before \fImain()\fR, or +things like the dynamic loader of your system, which should result in very +little risk. .IP "When I log-in to another system it tells me about missing terminfo data?" 4 .IX Item "When I log-in to another system it tells me about missing terminfo data?" The terminal description used by rxvt-unicode is not as widely available @@ -2129,10 +2127,6 @@ Add support for an Xterm-like scrollbar. Add support for a very unobtrusive, plain-looking scrollbar that is the favourite of the rxvt-unicode author, having used it for many years. -.IP "\-\-enable\-half\-shadow (default: off)" 4 -.IX Item "--enable-half-shadow (default: off)" -Make shadows on the scrollbar only half the normal width & height. -only applicable to rxvt scrollbars. .IP "\-\-enable\-ttygid (default: off)" 4 .IX Item "--enable-ttygid (default: off)" Change tty device setting to group \*(L"tty\*(R" \- only use this if diff --git a/doc/rxvt.7.pod b/doc/rxvt.7.pod index 156274da..570e00a1 100644 --- a/doc/rxvt.7.pod +++ b/doc/rxvt.7.pod 
@@ -196,22 +196,20 @@ encodings built-in that increase download times and are rarely used). =item I need to make it setuid/setgid to support utmp/ptys on my OS, is this safe? -Likely not. While I honestly try to make it secure, and am probably not -bad at it, I think it is simply unreasonable to expect all of freetype -+ fontconfig + xft + xlib + perl + ... + rxvt-unicode itself to all be -secure. Also, rxvt-unicode disables some options when it detects that it -runs setuid or setgid, which is not nice. Besides, with the embedded perl -interpreter the possibility for security problems easily multiplies. - -Elevated privileges are only required for utmp and pty operations on some -systems (for example, GNU/Linux doesn't need any extra privileges for -ptys, but some need it for utmp support). It is planned to mvoe this into -a forked handler process, but this is not yet done. - -So, while setuid/setgid operation is supported and not a problem on your -typical single-user-no-other-logins unix desktop, always remember that -its an awful lot of code, most of which isn't checked for security issues -regularly. +It should be, starting with release 7.1. You are encouraged to properly +install urxvt with privileges necessary for your OS now. + +When rxvt-unicode detects that it runs setuid or setgid, it will fork +into a helper process for privileged operations (pty handling on some +systems, utmp/wtmp/lastlog handling on others) and drop privileges +immediately. This is much safer than most other terminals that keep +privileges while running (but is more relevant to urxvt, as it contains +things as perl interpreters, which might be "helpful" to attackers). + +This forking is done as the very first within main(), which is very early +and reduces possible bugs to initialisation code run before main(), or +things like the dynamic loader of your system, which should result in very +little risk. =item When I log-in to another system it tells me about missing terminfo data? 
diff --git a/doc/rxvt.7.txt b/doc/rxvt.7.txt index b805c7c9..810fab1a 100644 --- a/doc/rxvt.7.txt +++ b/doc/rxvt.7.txt 
@@ -188,24 +188,21 @@ FREQUENTLY ASKED QUESTIONS I need to make it setuid/setgid to support utmp/ptys on my OS, is this safe? - Likely not. While I honestly try to make it secure, and am probably - not bad at it, I think it is simply unreasonable to expect all of - freetype + fontconfig + xft + xlib + perl + ... + rxvt-unicode - itself to all be secure. Also, rxvt-unicode disables some options - when it detects that it runs setuid or setgid, which is not nice. - Besides, with the embedded perl interpreter the possibility for - security problems easily multiplies. - - Elevated privileges are only required for utmp and pty operations on - some systems (for example, GNU/Linux doesn't need any extra - privileges for ptys, but some need it for utmp support). It is - planned to mvoe this into a forked handler process, but this is not - yet done. - - So, while setuid/setgid operation is supported and not a problem on - your typical single-user-no-other-logins unix desktop, always - remember that its an awful lot of code, most of which isn't checked - for security issues regularly. + It should be, starting with release 7.1. You are encouraged to + properly install urxvt with privileges necessary for your OS now. + + When rxvt-unicode detects that it runs setuid or setgid, it will + fork into a helper process for privileged operations (pty handling + on some systems, utmp/wtmp/lastlog handling on others) and drop + privileges immediately. This is much safer than most other terminals + that keep privileges while running (but is more relevant to urxvt, + as it contains things as perl interpreters, which might be "helpful" + to attackers). + + This forking is done as the very first within main(), which is very + early and reduces possible bugs to initialisation code run before + main(), or things like the dynamic loader of your system, which + should result in very little risk. When I log-in to another system it tells me about missing terminfo data? 
The terminal description used by rxvt-unicode is not as widely @@ -1648,10 +1645,6 @@ CONFIGURE OPTIONS the favourite of the rxvt-unicode author, having used it for many years. - --enable-half-shadow (default: off) - Make shadows on the scrollbar only half the normal width & height. - only applicable to rxvt scrollbars. - --enable-ttygid (default: off) Change tty device setting to group "tty" - only use this if your system uses this type of security. diff --git a/doc/rxvtperl.3.html b/doc/rxvtperl.3.html index 658bbd48..ea805bce 100644 --- a/doc/rxvtperl.3.html +++ b/doc/rxvtperl.3.html @@ -122,7 +122,7 @@ between two vertical bars:

interesting uses, such as parsing a line from beginning to end.

-

This extension also offers the following bindable keyboard command:

+

This extension also offers following bindable keyboard commands:

rot13
@@ -134,6 +134,33 @@ Rot-13 the selection when activated. Used via keyboard trigger:
    URxvt.keysym.C-M-r: perl:selection:rot13
+

+
remote-pastebin
+
+
+Upload the selection as textfile to a remote site. +
+
+
+   URxvt.keysym.C-M-e: perl:selection:remote-pastebin
+
+
+

To set the command to upload the file set this resource:

+
+
+
+   URxvt.selection-pastebin-cmd: rsync -apP % ruth:/var/www/www.ta-sa.org/files/txt/.
+
+
+

The % is the placeholder for the textfile. The name of the textfile is the hex encoded +md5 sum of the selection. +After an successful upload the selection will be replaced by the following url +(the % is the placeholder for the filename):

+
+
+
+   URxvt.selection-pastebin-url: http://www.ta-sa.org/files/txt/%
+

option-popup (enabled by default)
@@ -604,14 +631,6 @@ correct place, e.g. on stderr of the connecting urxvtc client.

Messages have a size limit of 1023 bytes currently.

-
$is_safe = urxvt::safe
-
-
-Returns true when it is safe to do potentially unsafe things, such as -evaluating perl code specified by the user. This is true when urxvt was -started setuid or setgid. -
-

$time = urxvt::NOW
diff --git a/doc/rxvtperl.3.man.in b/doc/rxvtperl.3.man.in index 78488f4d..6eb92a0c 100644 --- a/doc/rxvtperl.3.man.in +++ b/doc/rxvtperl.3.man.in @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "rxvt 3" -.TH rxvt 3 "2006-01-16" "7.0" "RXVT-UNICODE" +.TH rxvt 3 "2006-01-17" "7.1" "RXVT-UNICODE" .SH "NAME" @@RXVT_NAME@@perl \- rxvt\-unicode's embedded perl interpreter .SH "SYNOPSIS" @@ -205,7 +205,7 @@ between two vertical bars: You can look at the source of the selection extension to see more interesting uses, such as parsing a line from beginning to end. .Sp -This extension also offers the following bindable keyboard command: +This extension also offers following bindable keyboard commands: .RS 4 .IP "rot13" 4 .IX Item "rot13" @@ -214,6 +214,28 @@ Rot\-13 the selection when activated. Used via keyboard trigger: .Vb 1 \& URxvt.keysym.C-M-r: perl:selection:rot13 .Ve +.IP "remote-pastebin" 4 +.IX Item "remote-pastebin" +Upload the selection as textfile to a remote site. +.Sp +.Vb 1 +\& URxvt.keysym.C-M-e: perl:selection:remote-pastebin +.Ve +.Sp +To set the command to upload the file set this resource: +.Sp +.Vb 1 +\& URxvt.selection-pastebin-cmd: rsync -apP % ruth:/var/www/www.ta-sa.org/files/txt/. +.Ve +.Sp +The % is the placeholder for the textfile. The name of the textfile is the hex encoded +md5 sum of the selection. +After an successful upload the selection will be replaced by the following url +(the % is the placeholder for the filename): +.Sp +.Vb 1 +\& URxvt.selection-pastebin-url: http://www.ta-sa.org/files/txt/% +.Ve .RE .RS 4 .RE 
@@ -580,11 +602,6 @@ Using this function has the advantage that its output ends up in the correct place, e.g. on stderr of the connecting urxvtc client. .Sp Messages have a size limit of 1023 bytes currently. -.IP "$is_safe = urxvt::safe" 4 -.IX Item "$is_safe = urxvt::safe" -Returns true when it is safe to do potentially unsafe things, such as -evaluating perl code specified by the user. This is true when urxvt was -started setuid or setgid. .IP "$time = urxvt::NOW" 4 .IX Item "$time = urxvt::NOW" Returns the \*(L"current time\*(R" (as per the event loop). diff --git a/doc/rxvtperl.3.txt b/doc/rxvtperl.3.txt index d36bf8c9..e64f51b5 100644 --- a/doc/rxvtperl.3.txt +++ b/doc/rxvtperl.3.txt @@ -59,13 +59,29 @@ PREPACKAGED EXTENSIONS You can look at the source of the selection extension to see more interesting uses, such as parsing a line from beginning to end. - This extension also offers the following bindable keyboard command: + This extension also offers following bindable keyboard commands: rot13 Rot-13 the selection when activated. Used via keyboard trigger: URxvt.keysym.C-M-r: perl:selection:rot13 + remote-pastebin + Upload the selection as textfile to a remote site. + + URxvt.keysym.C-M-e: perl:selection:remote-pastebin + + To set the command to upload the file set this resource: + + URxvt.selection-pastebin-cmd: rsync -apP % ruth:/var/www/www.ta-sa.org/files/txt/. + + The % is the placeholder for the textfile. The name of the + textfile is the hex encoded md5 sum of the selection. After an + successful upload the selection will be replaced by the + following url (the % is the placeholder for the filename): + + URxvt.selection-pastebin-url: http://www.ta-sa.org/files/txt/% + option-popup (enabled by default) Binds a popup menu to Ctrl-Button2 that lets you toggle (some) options at runtime. 
@@ -387,11 +403,6 @@ API DOCUMENTATION Messages have a size limit of 1023 bytes currently. - $is_safe = urxvt::safe - Returns true when it is safe to do potentially unsafe things, such - as evaluating perl code specified by the user. This is true when - urxvt was started setuid or setgid. - $time = urxvt::NOW Returns the "current time" (as per the event loop). diff --git a/src/main.C b/src/main.C index f8fd9795..c58b094e 100644 --- a/src/main.C +++ b/src/main.C @@ -48,21 +48,6 @@ # include #endif -#if (defined(HAVE_SETEUID) || defined(HAVE_SETREUID)) && !defined(__CYGWIN32__) -static uid_t saved_euid; -static gid_t saved_egid; -#endif - -bool -rxvt_tainted () -{ -#if (defined(HAVE_SETEUID) || defined(HAVE_SETREUID)) && !defined(__CYGWIN32__) - return getuid () != saved_euid || getgid () != saved_egid; -#else - return false; -#endif -} - vector rxvt_term::termlist; static char curlocale[128], savelocale[128]; @@ -489,19 +474,6 @@ rxvt_term::init (int argc, const char *const *argv) || (rs[Rs_perl_ext_2] && *rs[Rs_perl_ext_2]) || (rs[Rs_perl_eval] && *rs[Rs_perl_eval])) { -#if (defined(HAVE_SETEUID) || defined(HAVE_SETREUID)) && !defined(__CYGWIN32__) - // ignore some perl-related arguments if some bozo installed us set[ug]id - if (rxvt_tainted ()) - { - if ((rs[Rs_perl_lib] && *rs[Rs_perl_lib]) - || (rs[Rs_perl_eval] && *rs[Rs_perl_eval])) - { - rxvt_warn ("running with elevated privileges: ignoring perl-lib and perl-eval.\n"); - rs[Rs_perl_lib] = 0; - rs[Rs_perl_eval] = 0; - } - } -#endif rxvt_perl.init (this); HOOK_INVOKE ((this, HOOK_INIT, DT_END)); } 
@@ -632,16 +604,6 @@ rxvt_init () rxvt_environ = environ; - /* - * Save and then give up any super-user privileges - * If we need privileges in any area then we must specifically request it. - * We should only need to be root in these cases: - * 1. write utmp entries on some systems - * 2. chown tty on some systems - */ - rxvt_privileges (SAVE); - rxvt_privileges (IGNORE); - signal (SIGHUP, SIG_IGN); signal (SIGPIPE, SIG_IGN); @@ -695,56 +657,6 @@ rxvt_realloc (void *ptr, size_t size) return p; } -/* ------------------------------------------------------------------------- * - * PRIVILEGED OPERATIONS * - * ------------------------------------------------------------------------- */ -/* take care of suid/sgid super-user (root) privileges */ -void -rxvt_privileges (rxvt_privaction action) -{ -#if ! defined(__CYGWIN32__) -# if !defined(HAVE_SETEUID) && defined(HAVE_SETREUID) - /* setreuid () is the poor man's setuid (), seteuid () */ -# define seteuid(a) setreuid(-1, (a)) -# define setegid(a) setregid(-1, (a)) -# define HAVE_SETEUID -# endif -# ifdef HAVE_SETEUID - switch (action) - { - case IGNORE: - /* - * change effective uid/gid - not real uid/gid - so we can switch - * back to root later, as required - */ - setegid (getgid ()); - seteuid (getuid ()); - break; - case SAVE: - saved_egid = getegid (); - saved_euid = geteuid (); - break; - case RESTORE: - setegid (saved_egid); - seteuid (saved_euid); - break; - } -# else - switch (action) - { - case IGNORE: - setgid (getgid ()); - setuid (getuid ()); - /* FALLTHROUGH */ - case SAVE: - /* FALLTHROUGH */ - case RESTORE: - break; - } -# endif -#endif -} - /*----------------------------------------------------------------------*/ /* * window size/position calculcations for XSizeHint and other storage. diff --git a/src/perl/mark-urls b/src/perl/mark-urls index 68fea189..d1245903 100644 --- a/src/perl/mark-urls +++ b/src/perl/mark-urls 
@@ -10,7 +10,7 @@ my $url = sub on_start { my ($self) = @_; - $self->{browser} = urxvt::untaint $self->x_resource ("urlLauncher") || "x-www-browser"; + $self->{browser} = $self->x_resource ("urlLauncher") || "x-www-browser"; () } diff --git a/src/perl/selection b/src/perl/selection index a87c6d67..26f5277c 100644 --- a/src/perl/selection +++ b/src/perl/selection @@ -7,12 +7,10 @@ my $pastebin_url; sub on_start { my ($self) = @_; - $pastebin_cmd = - (urxvt::untaint $self->x_resource ("selection-pastebin-cmd")) + $pastebin_cmd = $self->x_resource ("selection-pastebin-cmd") or "scp -p % ruth:/var/www/www.ta-sa.org/files/txt/"; - $pastebin_url = - (urxvt::untaint $self->x_resource ("selection-pastebin-url")) + $pastebin_url = $self->x_resource ("selection-pastebin-url") or "http://www.ta-sa.org/files/txt/"; (); } diff --git a/src/perl/selection-autotransform b/src/perl/selection-autotransform index 22d5bbb6..6bc3a3f5 100644 --- a/src/perl/selection-autotransform +++ b/src/perl/selection-autotransform @@ -14,12 +14,7 @@ sub msg { sub on_init { my ($self) = @_; - unless (urxvt::safe) { - warn "running with elevated privileges, ignoring selection-autotransform patterns"; - return; - } - - for (my $idx = 0; defined (my $res = urxvt::untaint $self->x_resource ("selection-autotransform.$idx")); $idx++) { + for (my $idx = 0; defined (my $res = $self->x_resource ("selection-autotransform.$idx")); $idx++) { $res = $self->locale_decode ($res); my $transform = eval "sub { $res }"; diff --git a/src/perl/selection-popup b/src/perl/selection-popup index 825dfaa9..c50d520c 100644 --- a/src/perl/selection-popup +++ b/src/perl/selection-popup @@ -14,7 +14,7 @@ sub msg { sub on_start { my ($self) = @_; - $self->{browser} = urxvt::untaint $self->x_resource ("urlLauncher") || "x-www-browser"; + $self->{browser} = $self->x_resource ("urlLauncher") || "x-www-browser"; $self->grab_button (3, urxvt::ControlMask); 
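Review bot: The two defaults in on_start of src/perl/selection are never applied, because `or` binds more loosely than `=`, so `$pastebin_cmd = $self->x_resource (...) or "scp ..."` assigns the resource value and then discards the string. When a resource is unset the variable stays undef, and what the upload code (outside this hunk) does with an undefined command or URL is not visible here. Use `||` instead, for example `$pastebin_cmd = $self->x_resource ("selection-pastebin-cmd") || "scp -p % ruth:/var/www/www.ta-sa.org/files/txt/";`, and likewise for `$pastebin_url`. The removed lines had the same precedence problem, so it predates this commit but is carried forward on the new side.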
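Review bot: In on_init of src/perl/selection-autotransform, every `selection-autotransform.N` resource is now compiled with `eval "sub { $res }"` unconditionally, since both the `urxvt::safe` guard and the taint marking are gone. The same applies to the "eval perl expression" button in the `@@ -57,9 +57,7 @@` hunk of src/perl/selection-popup. Both are only acceptable if privileges are dropped before the interpreter starts, and that code is not part of this patch, so it should be confirmed and stated at the eval site. I would add a comment above the loop such as `# resource text is compiled as perl code; relies on urxvt having dropped setuid/setgid privileges before perl is initialised`. The hunk ends right after the eval, so whether `$@` is checked is not visible from here.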
@@ -57,9 +57,7 @@ sub on_button_press { for ($text) { $add_button->("rot13" => sub { y/A-Za-z/N-ZA-Mn-za-m/ }); - - urxvt::safe - and $add_button->("eval perl expression" => sub { no warnings; $_ = eval urxvt::untaint $_ }); + $add_button->("eval perl expression" => sub { no warnings; $_ = eval $_ }); /^(\S+):(\d+):?$/ and $add_button->("vi-commands to load '$1'" => sub { s/^(\S+):(\d+):?$/\x1b:e $1\x0d:$2\x0d/ }); diff --git a/src/rxvtlib.h.in b/src/rxvtlib.h.in index 6e8db268..1ee48fff 100644 --- a/src/rxvtlib.h.in +++ b/src/rxvtlib.h.in @@ -254,7 +254,6 @@ struct rxvt_vars : TermWin_t { }; void rxvt_init (); -bool rxvt_tainted (); #endif /* _RXVTLIB_H_ */ diff --git a/src/rxvtperl.xs b/src/rxvtperl.xs index 4693af34..975a5eb3 100644 --- a/src/rxvtperl.xs +++ b/src/rxvtperl.xs @@ -56,22 +56,6 @@ ///////////////////////////////////////////////////////////////////////////// -static SV * -taint (SV *sv) -{ - SvTAINT (sv); - return sv; -} - -static SV * -taint_if (SV *sv, SV *src) -{ - if (SvTAINTED (src)) - SvTAINT (sv); - - return sv; -} - static wchar_t * sv2wcs (SV *sv) { @@ -420,14 +404,13 @@ rxvt_perl_interp::init (rxvt_term *term) char *argv[] = { "", - "-T", "-edo '" LIBDIR "/urxvt.pm' or ($@ and die $@) or exit 1", }; perl = perl_alloc (); perl_construct (perl); - if (perl_parse (perl, xs_init, 3, argv, (char **)NULL) + if (perl_parse (perl, xs_init, 2, argv, (char **)NULL) || perl_run (perl)) { rxvt_warn ("unable to initialize perl-interpreter, continuing without.\n"); @@ -520,7 +503,7 @@ rxvt_perl_interp::invoke (rxvt_term *term, hook_type htype, ...) break; case DT_STR: - XPUSHs (taint (sv_2mortal (newSVpv (va_arg (ap, char *), 0)))); + XPUSHs (sv_2mortal (newSVpv (va_arg (ap, char *), 0))); break; case DT_STR_LEN: 
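Review bot: The "eval perl expression" callback in src/perl/selection-popup overwrites the text even when the expression fails to compile or dies, because `$_ = eval $_` stores the undef that eval returns on error, and `no warnings` hides it. Now that the button is always offered, that failure path is reachable in every configuration. Keeping the original text on failure would be safer, for example `sub { no warnings; my $r = eval $_; $_ = $r unless $@ }`. on_button_press starts and ends outside this hunk, so what happens to an undefined `$text` afterwards cannot be seen here.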
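Review bot: In rxvt_perl_interp::init (src/rxvtperl.xs, `@@ -420,14 +404,13 @@`), the argument count passed to perl_parse is a literal that must be edited by hand whenever argv changes, as this hunk shows: 3 becomes 2 because "-T" is dropped. Deriving it from the array keeps the two in step: `perl_parse (perl, xs_init, sizeof (argv) / sizeof (argv [0]), argv, (char **)NULL)`. Removing -T also turns off taint checking for every extension, and the other hunks in this file delete `taint`, `taint_if`, `untaint` and `safe`, so privilege separation is left as the only barrier between resource or terminal text and `eval`. Out-of-tree extensions that still call `urxvt::untaint` or `urxvt::safe` will presumably fail at run time, which deserves a line in Changes. The function continues outside the hunk.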
@@ -528,7 +511,7 @@ rxvt_perl_interp::invoke (rxvt_term *term, hook_type htype, ...) char *str = va_arg (ap, char *); int len = va_arg (ap, int); - XPUSHs (taint (sv_2mortal (newSVpvn (str, len)))); + XPUSHs (sv_2mortal (newSVpvn (str, len))); } break; @@ -537,7 +520,7 @@ rxvt_perl_interp::invoke (rxvt_term *term, hook_type htype, ...) wchar_t *wstr = va_arg (ap, wchar_t *); int wlen = va_arg (ap, int); - XPUSHs (taint (sv_2mortal (wcs2sv (wstr, wlen)))); + XPUSHs (sv_2mortal (wcs2sv (wstr, wlen))); } break; @@ -784,24 +767,9 @@ fatal (const char *msg) CODE: rxvt_fatal ("%s", msg); -SV * -untaint (SV *sv) - CODE: - RETVAL = newSVsv (sv); - SvTAINTED_off (RETVAL); - OUTPUT: - RETVAL - void _exit (int status) -bool -safe () - CODE: - RETVAL = !rxvt_tainted (); - OUTPUT: - RETVAL - NV NOW () CODE: @@ -1076,7 +1044,7 @@ rxvt_term::locale_encode (SV *str) free (wstr); - RETVAL = taint_if (newSVpv (mbstr, 0), str); + RETVAL = newSVpv (mbstr, 0); free (mbstr); } OUTPUT: @@ -1093,7 +1061,7 @@ rxvt_term::locale_decode (SV *octets) wchar_t *wstr = rxvt_mbstowcs (data, len); rxvt_pop_locale (); - RETVAL = taint_if (wcs2sv (wstr), octets); + RETVAL = wcs2sv (wstr); free (wstr); } OUTPUT: @@ -1255,7 +1223,7 @@ rxvt_term::ROW_t (int row_number, SV *new_text = 0, int start_col = 0, int start for (int col = 0; col < THIS->ncol; col++) wstr [col] = l.t [col]; - XPUSHs (taint (sv_2mortal (wcs2sv (wstr, THIS->ncol)))); + XPUSHs (sv_2mortal (wcs2sv (wstr, THIS->ncol))); delete [] wstr; } @@ -1386,7 +1354,7 @@ rxvt_term::special_encode (SV *string) rxvt_pop_locale (); - RETVAL = taint_if (wcs2sv (rstr, r - rstr), string); + RETVAL = wcs2sv (rstr, r - rstr); delete [] rstr; } @@ -1422,7 +1390,7 @@ rxvt_term::special_decode (SV *text) else *r++ = *s; - RETVAL = taint_if (wcs2sv (rstr, r - rstr), text); + RETVAL = wcs2sv (rstr, r - rstr); delete [] rstr; } 
@@ -1454,7 +1422,7 @@ rxvt_term::_resource (char *name, int index, SV *newval = 0) croak ("requested out-of-bound resource %s+%d,", name, index - rs->value); if (GIMME_V != G_VOID) - XPUSHs (THIS->rs [index] ? sv_2mortal (taint (newSVpv (THIS->rs [index], 0))) : &PL_sv_undef); + XPUSHs (THIS->rs [index] ? sv_2mortal (newSVpv (THIS->rs [index], 0)) : &PL_sv_undef); if (newval) { @@ -1471,8 +1439,6 @@ rxvt_term::_resource (char *name, int index, SV *newval = 0) const char * rxvt_term::x_resource (const char *name) - CLEANUP: - SvTAINTED_on (ST (0)); bool rxvt_term::option (U32 optval, int set = -1) @@ -1576,7 +1542,7 @@ rxvt_term::selection (SV *newtext = 0) { if (GIMME_V != G_VOID) XPUSHs (THIS->selection.text - ? taint (sv_2mortal (wcs2sv (THIS->selection.text, THIS->selection.len))) + ? sv_2mortal (wcs2sv (THIS->selection.text, THIS->selection.len)) : &PL_sv_undef); if (newtext) diff --git a/src/urxvt.pm b/src/urxvt.pm index 368a3dae..f2cadb82 100644 --- a/src/urxvt.pm +++ b/src/urxvt.pm @@ -500,12 +500,6 @@ correct place, e.g. on stderr of the connecting urxvtc client. Messages have a size limit of 1023 bytes currently. -=item $is_safe = urxvt::safe - -Returns true when it is safe to do potentially unsafe things, such as -evaluating perl code specified by the user. This is true when urxvt was -started setuid or setgid. - =item $time = urxvt::NOW Returns the "current time" (as per the event loop). @@ -630,7 +624,7 @@ sub extension_package($) { open my $fh, "<:raw", $path or die "$path: $!"; - my $source = untaint + my $source = "package $pkg; use strict; use utf8;\n" . "use base urxvt::term::extension::;\n" . "#line 1 \"$path\"\n{\n" -- 2.34.1