aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--IkiWiki/Wrapper.pm10
-rw-r--r--debian/changelog1
-rw-r--r--doc/bugs/post-update_hook_can__39__t_be_compiled_with_tcc.mdwn11
3 files changed, 16 insertions, 6 deletions
diff --git a/IkiWiki/Wrapper.pm b/IkiWiki/Wrapper.pm
index 830b04877..f175b4a0b 100644
--- a/IkiWiki/Wrapper.pm
+++ b/IkiWiki/Wrapper.pm
@@ -101,7 +101,6 @@ EOF
#include <string.h>
#include <sys/file.h>
-extern char **environ;
char *newenviron[$#envsave+6];
int i=0;
@@ -121,8 +120,13 @@ $check_commit_hook
$envsave
newenviron[i++]="HOME=$ENV{HOME}";
newenviron[i++]="WRAPPED_OPTIONS=$configstring";
- newenviron[i]=NULL;
- environ=newenviron;
+
+ if (clearenv() != 0) {
+ perror("clearenv");
+ exit(1);
+ }
+ for (; i>0; i--)
+ putenv(newenviron[i-1]);
if (setregid(getegid(), -1) != 0 &&
setregid(getegid(), -1) != 0) {
diff --git a/debian/changelog b/debian/changelog
index e5347e2a1..73f6fcff8 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -12,6 +12,7 @@ ikiwiki (3.20100313) UNRELEASED; urgency=low
wiki source files, such as .htaccess, that would normally be skipped
for security or other reasons. Closes: #447267
(Thanks to Aaron Wilson for the original patch.)
+ * Allow wrappers to be built using tcc.
-- Joey Hess <joeyh@debian.org> Sat, 13 Mar 2010 14:48:10 -0500
diff --git a/doc/bugs/post-update_hook_can__39__t_be_compiled_with_tcc.mdwn b/doc/bugs/post-update_hook_can__39__t_be_compiled_with_tcc.mdwn
index 4226c026a..a8fb19888 100644
--- a/doc/bugs/post-update_hook_can__39__t_be_compiled_with_tcc.mdwn
+++ b/doc/bugs/post-update_hook_can__39__t_be_compiled_with_tcc.mdwn
@@ -9,6 +9,11 @@ Everything works fine with gcc.
versions: Debian lenny + backports
-
-
-
+> Seems that tcc does not respect changing where `environ` points as a way
+> to change the environment seen after `exec`
+>
+> Given that the man page for `clearenv` suggests using `environ=NULL`
+> if `clearenv` is not available, I would be lerry or using tcc to compile
+> stuff, since that could easily lead to a security compromise of code that
+> expects that to work. However, I have fixed ikiwiki to use `clearenv`.
+> --[[Joey]] [[done]]