Add Configure question for taint support

This adds a Configure question for whether you want taint support. It defaults to "yes", so that ./Configure -des will build a perl which supports taint in the usual way. If you say "no", then perl is compiled with -DSILENT_NO_TAINT_SUPPORT so that taint features silently do nothing. I've submitted a separate pull request on perl/metaconfig, which adds the underlying metaconfig unit for this question, which was used to build this Configure script.
leonerd · Apr 20, 2022 · 39f8eb4 · 39f8eb4
1 parent 7931173
commit 39f8eb4
Show file tree

Hide file tree

Showing 12 changed files with 54 additions and 2 deletions.
diff --git a/Configure b/Configure
@@ -1333,6 +1333,7 @@ stdchar=''
 d_stdio_stream_array=''
 stdio_stream_array=''
 sysman=''
+taint_support=''
 sGMTIME_max=''
 sGMTIME_min=''
 sLOCALTIME_max=''
@@ -7305,6 +7306,40 @@ esac
 : confusing anyway.
 installstyle=$dflt
 
+: U/perl/taint_support.U - do we want taint support?
+case "$taint_support" in
+    $undef|false|[Nn]*)
+       dflt="n"
+       ;;
+    *)
+       dflt="y"
+       ;;
+esac
+cat >&4 <<EOM
+
+
+Perl can provide a set of special security checks, which are known
+as taint mode.  The most well-known of these is that data derived
+from outside your program should not be trusted ("is tainted")
+until you have checked it.
+
+These days there are many more security considerations, and as a result
+taint mode isn't widely used. But support for it adds a runtime overhead,
+whether or not you use it.  As a result, you can choose to build Perl
+without taint support.
+
+EOM
+rp='Do you want to build Perl with taint support?'
+. ./myread
+case "$ans" in
+$undef|false|n|N)    val="$undef"
+        ccflags="$ccflags -DSILENT_NO_TAINT_SUPPORT"
+        ;;
+*)      val="$define" ;;
+esac
+set taint_support
+eval $setvar
+
 : determine where public executables go
 echo " "
 set dflt bin bin
@@ -7330,7 +7365,13 @@ cat <<EOM
 Would you like to build Perl so that the installation is relocatable, so that
 library paths in @INC are determined relative to the path of the perl binary?
 This is not advised for system Perl installs, or if you need to run setid
-scripts or scripts under taint mode.
+EOM
+if test "X$taint_support" = "X$define"; then
+    echo "scripts or scripts under taint mode." >&4
+else
+    echo "scripts." >&4
+fi
+cat <<EOM
 
 If this doesn't make any sense to you, just accept the default '$dflt'.
 EOM
@@ -25571,6 +25612,7 @@ subversion='$subversion'
 sysman='$sysman'
 sysroot='$sysroot'
 tail='$tail'
+taint_support='$taint_support'
 tar='$tar'
 targetarch='$targetarch'
 targetdir='$targetdir'

diff --git a/Cross/config.sh-arm-linux b/Cross/config.sh-arm-linux
@@ -1100,6 +1100,7 @@ submit=''
 subversion='11'
 sysman='/usr/share/man/man1'
 tail=''
+taint_support='define'
 tar=''
 targetarch=''
 targetsh='/bin/sh'

diff --git a/Cross/config.sh-arm-linux-n770 b/Cross/config.sh-arm-linux-n770
@@ -1098,6 +1098,7 @@ submit=''
 subversion='11'
 sysman='/usr/share/man/man1'
 tail=''
+taint_support='define'
 tar=''
 targetarch=''
 targetsh='/bin/sh'

diff --git a/Porting/config.sh b/Porting/config.sh
@@ -1129,6 +1129,7 @@ subversion='11'
 sysman='/usr/share/man/man1'
 sysroot=''
 tail=''
+taint_support='define'
 tar=''
 targetarch=''
 targetdir=''

diff --git a/configure.com b/configure.com
@@ -7181,6 +7181,7 @@ $ WC "srandom_r_proto='0'"
 $ WC "strerror_r_proto='0'"
 $ WC "tmpnam_r_proto='0'"
 $ WC "ttyname_r_proto='" + ttyname_r_proto + "'"
+$ WC "taint_support='define'"
 $!
 $! ##END WRITE NEW CONSTANTS HERE##
 $!

diff --git a/metaconfig.h b/metaconfig.h
@@ -18,5 +18,6 @@
  * HAS_NL_LANGINFO_L
  * HAS_FFS
  * HAS_FFSL
+ * HAS_TAINT_SUPPORT
  *
  */
diff --git a/plan9/config_sh.sample b/plan9/config_sh.sample
@@ -1071,6 +1071,7 @@ submit=''
 subversion='11'
 sysman='/sys/man/1pub'
 tail=''
+taint_support='define'
 tar=''
 targetarch=''
 targetsh='/bin/sh'

diff --git a/uconfig.h b/uconfig.h
@@ -5341,5 +5341,5 @@
 
 /* Generated from:
  * 87e5998978daf803d19866c43bca24d7c01dc74119650db16f8d18d83f355da9 config_h.SH
- * 192cfd7d6b90e7961582dadbf7e6ae6de3e4fa6ffde19a0f7148a8572ec635f9 uconfig.sh
+ * d2b99db76a1e672884635a578054d9dde08fa174910b94d55fa0698706334ee3 uconfig.sh
  * ex: set ro: */
diff --git a/uconfig.sh b/uconfig.sh
@@ -865,6 +865,7 @@ stdio_filbuf=''
 stdio_ptr='((fp)->_IO_read_ptr)'
 stdio_stream_array=''
 strerror_r_proto='0'
+taint_support='define'
 targetarch=''
 targetsh='/bin/sh'
 timetype=time_t

diff --git a/uconfig64.sh b/uconfig64.sh
@@ -865,6 +865,7 @@ stdio_filbuf=''
 stdio_ptr='((fp)->_IO_read_ptr)'
 stdio_stream_array=''
 strerror_r_proto='0'
+taint_support='define'
 targetarch=''
 targetsh='/bin/sh'
 timetype=time_t

diff --git a/win32/config.gc b/win32/config.gc
@@ -1095,6 +1095,7 @@ submit=''
 subversion='~PERL_SUBVERSION~'
 sysman='/usr/man/man1'
 tail=''
+taint_support='define'
 tar=''
 targetarch=''
 targetsh='cmd /x /c'

diff --git a/win32/config.vc b/win32/config.vc
@@ -1094,6 +1094,7 @@ submit=''
 subversion='~PERL_SUBVERSION~'
 sysman='/usr/man/man1'
 tail=''
+taint_support='define'
 tar=''
 targetarch=''
 targetsh='cmd /x /c'