develooper Front page | perl.perl5.porters | Postings from February 2011

setuid and serious trouble (Re: Time to update POSIX.pm?)

Thread Previous | Thread Next
From:
Mark Overmeer
Date:
February 3, 2011 02:14
Subject:
setuid and serious trouble (Re: Time to update POSIX.pm?)
Message ID:
20110203101402.GV13263@moon.overmeer.net

This email starts about setuid, but gets more general at ==>

* Mark Overmeer (mark@overmeer.net) [110131 12:46]:
> * Mark Overmeer (mark@overmeer.net) [110129 23:48]:
> > In ancient history, memory was short and modules were small. It is the
> > time of autosplit. However, I would call to reconsider autosplit for
> > POSIX.pm...
> 
> The more I try to create a nice patches, the more worries I get. Maybe
> you share these concerns.

I am trying to create a patch-set for POSIX and discovered this. Can
someone clarify it. Not all UNIXes are the same, but still..

The manual-page perlvar says

   $REAL_USER_ID
   $UID
   $<      The real uid of this process.  (Mnemonic: it's the uid you came
           from, if you're running setuid.)  You can change both the real
           uid and the effective uid at the same time by using
           POSIX::setuid().  Since changes to $< require a system call,
           check $! after a change attempt to detect any possible errors.

   $EFFECTIVE_USER_ID
   $EUID
   $>      The effective uid of this process.  Example:

               $< = $>;            # set real to effective uid
               ($<,$>) = ($>,$<);  # swap real and effective uid

           You can change both the effective uid and the real uid at the
           same time by using POSIX::setuid().  Changes to $> require a
           check to $!  to detect any possible errors after an attempted
           change.

           (Mnemonic: it's the uid you went to, if you're running setuid.)
           $< and $> can be swapped only on machines supporting
           setreuid().

From POSIX.pod

  =item setuid

  Sets the real user identifier and the effective user identifier for
  this process.  Similar to assigning a value to the Perl's builtin
  C<$E<lt>> variable, see L<perlvar/$UID>, except that the latter
  will change only the real user identifier.

POSIX.xs implements

  SysRet
  setuid(uid)
        Uid_t           uid
    CLEANUP:
  #ifndef WIN32
        if (RETVAL >= 0) {
            PL_uid  = getuid();
            PL_euid = geteuid();
        }
  #endif

I scanned the whole perl source tree, but could not find a macro
which translates "setuid(uid)" into "setreuid(uid,uid)".  So, how
does this work?

Perl core has done nice work to hide OS differences when assigning
to $< , so as module to provide POSIX functionality to as many
platforms as possible, we probably can better replace the private
XS call with
   sub setuid($) { $< = $_[0] }


==>
What bothers me more, is that the POSIX standard has a separate setuid,
seteuid and setreuid, but the POSIX module only provides one of them
and implements it differently. Probably in a pre-SysV or BSD way, not
POSIX 2001

I found a nice table about the POSIX interface at
   http://www.unix.org/version3/inttables.pdf
it declares setuid and seteuid mandatory, and setreuid as "xsi"
extension. I would like to see such table in our POSIX.pod.

What I prefer, is to refer people who look for Perl's setuid() and
getuid() functions in POSIX.pod to continue reading in perlvar/$UID
IMO, we can better explain people how the POSIX interface relates to Perl
functionality then implement the 1125(!) functions in DWIMming wrappers.

For sure we must change the first alinea of the man-page:

   The POSIX module permits you to access all (or nearly all) the standard
   POSIX 1003.1 identifiers.  Many of these identifiers have been given
   Perl-ish interfaces.

Both sentences are incorrect.  More correct on the moment:

   The POSIX module provides a subset of the System Interface specification
   POSIX 1003.1. Some of these functions directly map onto Perl functions
   with the same name (but often more powerful behavior) and many will
   croak because they are not relevant to Perl.

I would like to improve the module. It will be time consuming. As XS
implementation it should only provide functions which are not supported
by Perl core, like asctime and strftime (*)
-- 
Regards,
               MarkOv

P.S:  (*) strftime is probably the most used function of POSIX... can
    we move that to core so that far less people need to include POSIX
    at all?

------------------------------------------------------------------------
       Mark Overmeer MSc                                MARKOV Solutions
       Mark@Overmeer.net                          solutions@overmeer.net
http://Mark.Overmeer.net                   http://solutions.overmeer.net

Thread Previous | Thread Next


nntp.perl.org: Perl Programming lists via nntp and http.
Comments to Ask Bjørn Hansen at ask@perl.org | Group listing | About