perl.perl5.porters | Postings from May 2004

Re: Does Perl need a special variable for saved-UID/GID?

Alan Burlison
May 31, 2004 15:59
Paul Fenwick wrote:

> Ton Hospel directed me to 
> (Setuid 
> Demystified -- Hao Chen, David Wagner and Drew Dean).  The paper is very 
> detailed and well thought-out, and suggests an API to allow navigation 
> of the set*id calls in a cross-platform fashion.  In particular, it 
> suggests the implementation of:
>     drop_priv_temp($uid)
>     drop_priv_perm($uid)
>     restore_priv()
> which have much simpler to understand semantics than the traditional 
> POSIX calls.  These cover the most commonly required privilege 
> manipulations, and it *should* be possible to define these on all 
> systems that have the three concepts of real/effective/saved UIDs.

FYI, Solaris 10 adds a new privilege model (Process Rights Management, 
AKA Least Privileges), based on that used in Secure Solaris which allows 
you very fine-grained control of process privileges.  Solaris 10 comes 
with two perl modules to allow you to manipulate the privileges.  For 
more on the S10 privileges model, see the following links:

Alan Burlison
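
The three calls named in the quoted text, sketched in Perl as an added example (not code from this thread, from the paper, or from Perl itself). It assumes the privileged UID is root and that a `nobody` account exists; the `$priv_uid` variable and the demo at the bottom are illustrative.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use POSIX ();

# Perl exposes the real ($<) and effective ($>) UID but not the saved UID,
# so this wrapper remembers the privileged effective UID itself.
# Assumptions: the privileged UID is root; GIDs and supplementary groups
# (which must be dropped before the UID) are left out to keep this short.
my $priv_uid;

# Change only the effective UID; the saved UID keeps the old value,
# which is what lets restore_priv() switch back.
sub drop_priv_temp {
    my ($uid) = @_;
    my $old = $>;
    $> = $uid;
    die "drop_priv_temp($uid) failed: $!\n" unless $> == $uid;
    $priv_uid = $old;
    return 1;
}

sub restore_priv {
    defined $priv_uid or die "restore_priv: no temporary drop in effect\n";
    $> = $priv_uid;
    die "restore_priv failed: $!\n" unless $> == $priv_uid;
    undef $priv_uid;
    return 1;
}

# Set real, effective and saved UID, then prove the old UID is out of reach.
sub drop_priv_perm {
    my ($uid) = @_;
    restore_priv() if defined $priv_uid;  # setuid() sets all three IDs only when euid is 0
    my $old = $>;
    POSIX::setuid($uid) or die "setuid($uid) failed: $!\n";
    die "setuid($uid) left real=$< effective=$>\n" unless $< == $uid && $> == $uid;
    if ($old != $uid) {
        $> = $old;                        # must fail if the saved UID was cleared
        die "drop_priv_perm: UID $old can still be regained\n" if $> == $old;
    }
    return 1;
}

# Demo: as root, drop to 'nobody' (assumed to exist); otherwise use our own UID.
my $target = $> == 0 ? (getpwnam('nobody'))[2] : $>;
defined $target or die "no 'nobody' account\n";
drop_priv_temp($target); printf "temporary: real=%d effective=%d\n", $<, $>;
restore_priv();          printf "restored:  real=%d effective=%d\n", $<, $>;
drop_priv_perm($target); printf "permanent: real=%d effective=%d\n", $<, $>;
```

Run as root, the last line should show both IDs equal to the `nobody` UID; the attempt to set `$>` back to 0 inside `drop_priv_perm` is the check that the saved UID was cleared as well.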
