develooper Front page | perl.perl5.porters | Postings from October 2003

Is this brokenness in $< $( $> & $) ?

Thread Next
From:
Alan Burlison
Date:
October 27, 2003 08:53
Subject:
Is this brokenness in $< $( $> & $) ?
Message ID:
3F9D4D77.1050700@sun.com
For some reason I haven't been able to fathom,
    $) = $EGID;
    $> = $EUID;
is NOT the equivalelent of
    ($), $>) = ($EUID, $EGID);
when running a setuid-root script, at least on Solaris and I suspect on all 
platforms which support setreuid/setregid.  In the list assignment case, 
perl uses setreuid/setregid instead of serial calls to seteuid/setegid and 
it gets the first parameter wrong:

setreuid(37845, 37845)				= 0
:
setregid(10, 10)				= 0

In this case, by specifying the uid of the invoking user as the first 
parameter, perl is giving up root privilege, and therefore the ability to 
set the euid/egid back to root at some future point.  Am I going mad, or is 
this broken?  I can't see why a list assignment should result in different 
system calls to a serial assignment.

According to the setreuid/setregid manpages, the first parameter (real 
uid/gid) should be -1 to specify 'no change'.  Either that, or perl should 
use seteuid/setegid instead of setreuid/setregid, which is what is does in 
the serial assignment case.

-- 
Alan Burlison
--


Thread Next


nntp.perl.org: Perl Programming lists via nntp and http.
Comments to Ask Bjørn Hansen at ask@perl.org | Group listing | About