All the code we ship with Perl needs to be sensible about temporary file
handling, locking, input validation, and so on.
+=head2 Sort out the uid-setting mess
+
+Currently there are several problems with the setting of uids ($<, $>
+for the real and effective uids). Firstly, what exactly setuid() call
+gets invoked in which platform is simply a big mess that needs to be
+untangled. Secondly, the effects are apparently not standard across
+platforms, (if you first set $< and then $>, or vice versa, being
+uid==euid== zero, or just euid==zero, or as a normal user, what are
+the results?). The test suite not (usually) being run as root means
+that these things do not get much testing. Thirdly, there's quite
+often a third uid called saved uid, and Perl has no knowledge of that
+feature in any way. (If one has the saved uid of zero, one can get
+back any real and effective uids.) As an example, to change also the
+saved uid, one needs to set the real and effective uids B<twice>-- in
+most systems, that is: in HP-UX that doesn't seem to work.
+
=head2 Custom opcodes
Have a way to introduce user-defined opcodes without the subroutine call
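Review bot: the new perltodo entry states the saved-uid workaround ("set the real and effective uids B<twice>") without saying which underlying call Perl is expected to issue for $< and $>, so the first problem it lists (which setuid() call gets invoked on which platform) cannot be turned into a test from this text alone; suggest the entry spell out the matrix it wants checked (uid==euid==0, euid==0 only, unprivileged; $< before $> and the reverse; whether a later $> = 0 succeeds) so that someone with a root box can write t/ cases against it, and note HP-UX as the known exception in that matrix rather than only in passing. Minor wording: "what exactly setuid() call" should be "exactly which setuid() call", "uid==euid== zero" has a stray space, and "B<twice>--" needs a space before the dash.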
my $id = eval { getpwnam("nobody") };
$id = eval { getpwnam("nouser") } unless defined $id;
$id = -2 unless defined $id;
+ #
+ # According to Stevens' APUE and various
+ # (BSD, Solaris, HP-UX) man pages setting
+ # the real uid first and effective uid second
+ # is the way to go if one wants to drop privileges,
+ # because if one changes into an effective uid of
+ # non-zero, one cannot change the real uid any more.
+ #
+ # Actually, it gets even messier. There is
+ # a third uid, called the saved uid, and as
+ # long as that is zero, one can get back to
+ # uid of zero. Setting the real-effective *twice*
+ # helps in *most* systems (FreeBSD and Solaris)
+ # but apparently in HP-UX even this doesn't help:
+ # the saved uid stays zero (apparently the only way
+ # in HP-UX to change saved uid is to call setuid()
+ # when the effective uid is zero).
+ #
eval {
- # According to Stevens' APUE and various
- # (BSD, Solaris, HP-UX) man pages setting
- # the real uid first and effective uid second
- # is the way to go if one wants to drop privileges,
- # because if one changes into an effective uid of
- # non-zero, one cannot change the real uid any more.
+ $< = $id; # real uid
+ $> = $id; # effective uid
$< = $id; # real uid
$> = $id; # effective uid
};
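Review bot: the two added lines `$< = $id; # real uid` / `$> = $id; # effective uid` immediately precede an identical pair, and nothing at that point says the repetition is deliberate, so the next reader will take it for a copy-and-paste slip and "fix" it; the justification lives only in the comment block above the eval, so give the second pair its own one-line comment (e.g. "# second pass so the saved uid is also changed, see above"). More importantly, nothing after the eval verifies that the drop actually happened: add a check such as `die "could not drop privileges" unless $< == $id && $> == $id;`, and, since the whole point of the comment is the saved uid, follow it with an attempt `$> = 0;` and a check that `$>` is still `$id`, so the HP-UX case the comment describes shows up as a failure instead of being silently skipped. The comment also says "Setting the real-effective *twice* helps in *most* systems (FreeBSD and Solaris)", which is narrower than "most"; either list the platforms it was actually tried on or drop the parenthetical.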