develooper Front page | perl.perl5.porters | Postings from May 2004

Does Perl need a special variable for saved-UID/GID?

Thread Next
From:
Paul Fenwick
Date:
May 29, 2004 09:10
Subject:
Does Perl need a special variable for saved-UID/GID?
Message ID:
40B815C7.3050104@perltraining.com.au
G'day Everyone,

	Perl currently has special variables for the real and effective 
user-ids of a process, represented by $< and $> respectively.  However, 
most modern Unix systems also have a saved-UID, which is the effective 
UID-when the process started.

	The original reasoning behind the saved-UID is that a setuid process 
could switch its effective UID back and forth between it's real-UID (the 
user that started the process) and its original effective-UID.  The 
doctrine behind this is that the real-UID should never be changed, and 
should always reflect who really started the process.

	Being able to manipulate the saved-UID is important in processes which 
wish to be able to drop their privileges permanently.  Simply making the 
effective UID equal to the real UID ($> = $<) does not prevent 
escalation of privileges using the saved-UID.

	Perl provides no 'native' way to access the saved-UID.  It can accessed 
using the syscall() interface, or by making calls out to XS.  The 
Proc::UID module, upon which I am currently working, aims to provide a 
consistent interface to the UID/GID features of modern Unix systems.

	To me it appears inconsistent that the real and effective UIDs (and 
GIDs) of Unix processes can be accessed in Perl via special variables, 
but saved-UIDs can not be accessed in the same way.  As such, I'd like 
to ask the following:

	* Does Perl need two more special variables (one for saved UID,
	  and a second for saved GID)? Would it be better to include a
	  module in the standard distribution which could provide
	  functions/tied variables for people who need to manipulate
	  saved UIDs?

	* If Perl does need two more special variables, what should they
	  be called?

Cheers,

	Paul

-- 
Paul Fenwick <pjf@perltraining.com.au> | http://perltraining.com.au/
Director of Training                   | Ph:  +61 3 9354 6001
Perl Training Australia                | Fax: +61 3 9354 2681

Thread Next


nntp.perl.org: Perl Programming lists via nntp and http.
Comments to Ask Bjørn Hansen at ask@perl.org | Group listing | About