From: Jarkko Hietaniemi <jhi@iki.fi>
Date: Sat, 12 Jan 2002 16:09:59 +0000 (+0000)
Subject: One should first drop the real uid, not the effective uid.
X-Git-Url: http://git.shadowcat.co.uk/gitweb/gitweb.cgi?a=commitdiff_plain;h=996aae182a59ea0e165108a1cc21191bf20b4a55;p=p5sagit%2Fp5-mst-13.2.git

One should first drop the real uid, not the effective uid.
[ID 20020110.003]

p4raw-id: //depot/perl@14217
---

diff --git a/utils/perldoc.PL b/utils/perldoc.PL
index ea381a4..62a82f3 100644
--- a/utils/perldoc.PL
+++ b/utils/perldoc.PL
@@ -170,8 +170,14 @@ if (!($Is_VMS || $Is_MSWin32 || $Is_Dos || $Is_OS2) && ($> == 0 || $< == 0)
            $id = eval { getpwnam("nouser") } unless defined $id;
            $id = -2 unless defined $id;
         eval {
-            $> = $id;  # must do this one first!
-            $< = $id;
+	    # According to Stevens' APUE and various
+	    # (BSD, Solaris, HP-UX) man pages setting
+	    # the real uid first and effective uid second
+	    # is the way to go if one wants to drop privileges,
+	    # because if one changes into an effective uid of
+	    # non-zero, one cannot change the real uid any more.
+            $< = $id; # real uid
+            $> = $id; # effective uid
         };
         last if !$@ && $< && $>;
     }