Front page | perl.perl5.porters |
Postings from September 2000
[ID 20000904.004] perlsec Manual Page Incorrect Doing"Safe Backticks"
Thread Next
From:
Garry T. Williams
Date:
September 4, 2000 08:33
Subject:
[ID 20000904.004] perlsec Manual Page Incorrect Doing"Safe Backticks"
Message ID:
200009041532.e84FWcl12106@ifr.inside.zvolve.net
This is a bug report for perl from garry@zvolve.com,
generated with the help of perlbug 1.28 running under perl v5.6.0.
-----------------------------------------------------------------
[Please enter your report here]
The perlsec manual page suggests a safe way to fork/exec an external
program. From the manual page:
use English;
die "Can't fork: $!" unless defined $pid = open(KID, "-|");
if ($pid) { # parent
while (<KID>) {
# do something
}
close KID;
} else {
my @temp = ($EUID, $EGID);
$EUID = $UID;
$EGID = $GID; # initgroups() also called!
# Make sure privs are really gone
($EUID, $EGID) = @temp;
die "Can't drop privileges"
unless $UID == $EUID && $GID eq $EGID;
$ENV{PATH} = "/bin:/usr/bin";
exec 'myprog', 'arg1', 'arg2'
or die "can't exec myprog: $!";
}
This does *not* relinquish root privileges on this system. I don't
think that it would work on any SVR4 system. Aside from the syntax
error in line 2, the script will die printing "Can't drop privileges".
The code should be:
use English;
die "Can't fork: $!" unless defined($pid = open(KID, "-|"));
if ($pid) { # parent
while (<KID>) {
# do something
}
close KID;
} else {
my @temp = ($EUID, $EGID);
my $orig_uid = $UID;
my $orig_gid = $GID;
$EUID = $UID;
$EGID = $GID;
# Drop privileges
$UID = $orig_uid;
$GID = $orig_gid;
# Make sure privs are really gone
($EUID, $EGID) = @temp;
die "Can't drop privileges"
unless $UID == $EUID && $GID eq $EGID;
$ENV{PATH} = "/bin:/usr/bin";
exec 'myprog', 'arg1', 'arg2'
or die "can't exec myprog: $!";
}
-Garry Williams
[Please do not change anything below this line]
-----------------------------------------------------------------
---
Flags:
category=docs
severity=low
---
Site configuration information for perl v5.6.0:
Configured by garry at Tue Aug 1 07:40:52 EDT 2000.
Summary of my perl5 (revision 5.0 version 6 subversion 0) configuration:
Platform:
osname=solaris, osvers=2.7, archname=sun4-solaris
uname='sunos repos 5.7 generic_106541-11 sun4u sparc sunw,ultra-60 '
config_args=''
hint=recommended, useposix=true, d_sigaction=define
usethreads=undef use5005threads=undef useithreads=undef usemultiplicity=undef
useperlio=undef d_sfio=undef uselargefiles=define
use64bitint=undef use64bitall=undef uselongdouble=undef usesocks=undef
Compiler:
cc='cc', optimize='-O', gccversion=
cppflags='-I/usr/local/include'
ccflags ='-I/usr/local/include -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64'
stdchar='char', d_stdstdio=define, usevfork=false
intsize=4, longsize=4, ptrsize=4, doublesize=8
d_longlong=define, longlongsize=8, d_longdbl=define, longdblsize=16
ivtype='long', ivsize=4, nvtype='double', nvsize=8, Off_t='off_t', lseeksize=8
alignbytes=8, usemymalloc=y, prototype=define
Linker and Libraries:
ld='cc', ldflags ='-L/usr/local/lib '
libpth=/usr/local/lib /opt/SUNWspro/SC5.0/lib /lib /usr/lib /usr/ccs/lib
libs=-lsocket -lnsl -ldb -ldl -lm -lc -lcrypt -lsec
libc=/lib/libc.so, so=so, useshrplib=false, libperl=libperl.a
Dynamic Linking:
dlsrc=dl_dlopen.xs, dlext=so, d_dlsymun=undef, ccdlflags=' '
cccdlflags='-KPIC', lddlflags='-G -L/usr/local/lib'
Locally applied patches:
---
@INC for perl v5.6.0:
/usr/local/lib/perl5/5.6.0/sun4-solaris
/usr/local/lib/perl5/5.6.0
/usr/local/lib/perl5/site_perl/5.6.0/sun4-solaris
/usr/local/lib/perl5/site_perl/5.6.0
/usr/local/lib/perl5/site_perl
.
---
Environment for perl v5.6.0:
HOME=/home/garry
LANG (unset)
LANGUAGE (unset)
LC_COLLATE=C
LD_LIBRARY_PATH (unset)
LOGDIR (unset)
PATH=/home/garry/bin:/bin:/sbin:/usr/sbin:/opt/SUNWspro/bin:/usr/ccs/bin:/usr/local/bin:/usr/openwin/bin:/usr/java1.1/bin
PERL_BADLANG (unset)
SHELL=/bin/ksh
Thread Next
-
[ID 20000904.004] perlsec Manual Page Incorrect Doing"Safe Backticks"
by Garry T. Williams