develooper Front page | perl.perl5.porters | Postings from May 2004

Re: Does Perl need a special variable for saved-UID/GID?

Thread Previous | Thread Next
From:
Rafael Garcia-Suarez
Date:
May 31, 2004 07:21
Subject:
Re: Does Perl need a special variable for saved-UID/GID?
Message ID:
20040531161819.709ddb8e@localhost
Paul Fenwick wrote:
...
> 	Being able to manipulate the saved-UID is important in processes which 
> wish to be able to drop their privileges permanently.  Simply making the 
> effective UID equal to the real UID ($> = $<) does not prevent 
> escalation of privileges using the saved-UID.
> 
> 	Perl provides no 'native' way to access the saved-UID.  It can accessed 
> using the syscall() interface, or by making calls out to XS.  The 
> Proc::UID module, upon which I am currently working, aims to provide a 
> consistent interface to the UID/GID features of modern Unix systems.
> 
> 	To me it appears inconsistent that the real and effective UIDs (and 
> GIDs) of Unix processes can be accessed in Perl via special variables, 
> but saved-UIDs can not be accessed in the same way.

Legacy...

> As such, I'd like 
> to ask the following:
> 
> 	* Does Perl need two more special variables (one for saved UID,
> 	  and a second for saved GID)? Would it be better to include a
> 	  module in the standard distribution which could provide
> 	  functions/tied variables for people who need to manipulate
> 	  saved UIDs?

If the corresponding syscalls are part of POSIX, the natural place is to
add them in POSIX.pm, which already provides setuid() et alii.

I'm not against adding a lightweight Proc::UID in the core; given that
the documentation about UIDs in various parts of the man pages could be
updated to point at this module, explaining in further details the
concerns about not using the saved UID.

(And, a probe should be added to Configure for the availability of saved
UIDs.)

> 	* If Perl does need two more special variables, what should they
> 	  be called?

I don't think perl needs two more special variables; we're running out
of ASCII. (No support for Unicode special variables yet :)

Thread Previous | Thread Next


nntp.perl.org: Perl Programming lists via nntp and http.
Comments to Ask Bjørn Hansen at ask@perl.org | Group listing | About