On Mon, Oct 27, 2003 at 04:53:11PM +0000, Alan Burlison wrote: > For some reason I haven't been able to fathom, > $) = $EGID; > $> = $EUID; > is NOT the equivalelent of > ($), $>) = ($EUID, $EGID); > when running a setuid-root script, at least on Solaris and I suspect on all > platforms which support setreuid/setregid. In the list assignment case, > perl uses setreuid/setregid instead of serial calls to seteuid/setegid and > it gets the first parameter wrong: > > setreuid(37845, 37845) = 0 > : > setregid(10, 10) = 0 > > In this case, by specifying the uid of the invoking user as the first > parameter, perl is giving up root privilege, and therefore the ability to > set the euid/egid back to root at some future point. Am I going mad, or is > this broken? I can't see why a list assignment should result in different > system calls to a serial assignment. I believe this is deliberate so that ($<, $>) = ($>, $<); will call setreuid if available. The detection for this case must be getting confused by your ($), $>) = ($EUID, $EGID); so yes, either change you propose below should fix it. > According to the setreuid/setregid manpages, the first parameter (real > uid/gid) should be -1 to specify 'no change'. Either that, or perl should > use seteuid/setegid instead of setreuid/setregid, which is what is does in > the serial assignment case. -- Rick Delaney rick@bort.caThread Previous