From: Jarkko Hietaniemi Date: Sun, 13 Jan 2002 17:08:18 +0000 (+0000) Subject: Anton Berezin did more reading and the uid setting story X-Git-Url: http://git.shadowcat.co.uk/gitweb/gitweb.cgi?a=commitdiff_plain;h=c8d2171d9a4e444fcbc15a9762adc552285c7cab;p=p5sagit%2Fp5-mst-13.2.git Anton Berezin did more reading and the uid setting story gets more complex. p4raw-id: //depot/perl@14236 --- diff --git a/pod/perltodo.pod b/pod/perltodo.pod index 1df5fda..b09ad22 100644 --- a/pod/perltodo.pod +++ b/pod/perltodo.pod @@ -186,6 +186,22 @@ C and C<[fg]oo> by hand; this could be done automatically. All the code we ship with Perl needs to be sensible about temporary file handling, locking, input validation, and so on. +=head2 Sort out the uid-setting mess + +Currently there are several problems with the setting of uids ($<, $> +for the real and effective uids). Firstly, what exactly setuid() call +gets invoked in which platform is simply a big mess that needs to be +untangled. Secondly, the effects are apparently not standard across +platforms, (if you first set $< and then $>, or vice versa, being +uid==euid== zero, or just euid==zero, or as a normal user, what are +the results?). The test suite not (usually) being run as root means +that these things do not get much testing. Thirdly, there's quite +often a third uid called saved uid, and Perl has no knowledge of that +feature in any way. (If one has the saved uid of zero, one can get +back any real and effective uids.) As an example, to change also the +saved uid, one needs to set the real and effective uids B-- in +most systems, that is: in HP-UX that doesn't seem to work. + =head2 Custom opcodes Have a way to introduce user-defined opcodes without the subroutine call diff --git a/utils/perldoc.PL b/utils/perldoc.PL index 62a82f3..2f60c6e 100644 --- a/utils/perldoc.PL +++ b/utils/perldoc.PL @@ -169,13 +169,27 @@ if (!($Is_VMS || $Is_MSWin32 || $Is_Dos || $Is_OS2) && ($> == 0 || $< == 0) my $id = eval { getpwnam("nobody") }; $id = eval { getpwnam("nouser") } unless defined $id; $id = -2 unless defined $id; + # + # According to Stevens' APUE and various + # (BSD, Solaris, HP-UX) man pages setting + # the real uid first and effective uid second + # is the way to go if one wants to drop privileges, + # because if one changes into an effective uid of + # non-zero, one cannot change the real uid any more. + # + # Actually, it gets even messier. There is + # a third uid, called the saved uid, and as + # long as that is zero, one can get back to + # uid of zero. Setting the real-effective *twice* + # helps in *most* systems (FreeBSD and Solaris) + # but apparently in HP-UX even this doesn't help: + # the saved uid stays zero (apparently the only way + # in HP-UX to change saved uid is to call setuid() + # when the effective uid is zero). + # eval { - # According to Stevens' APUE and various - # (BSD, Solaris, HP-UX) man pages setting - # the real uid first and effective uid second - # is the way to go if one wants to drop privileges, - # because if one changes into an effective uid of - # non-zero, one cannot change the real uid any more. + $< = $id; # real uid + $> = $id; # effective uid $< = $id; # real uid $> = $id; # effective uid };