
Re: setuid and serious trouble (Re: Time to update

Leon Timmermans
February 3, 2011 05:07
On Thu, Feb 3, 2011 at 11:14 AM, Mark Overmeer <> wrote:
> Perl core has done nice work to hide OS differences when assigning
> to $< , so as module to provide POSIX functionality to as many
> platforms as possible, we probably can better replace the private
> XS call with
>   sub setuid($) { $< = $_[0] }

That is *not* what setuid(2) does. That would be violating people's
expectations (and indirectly the standard). Worse yet, that would
break people's code and open security holes. setuid is a mess, but
let's not redefine what the function does.

> What bothers me more, is that the POSIX standard has a separate setuid,
> seteuid and setreuid, but the POSIX module only provides one of them
> and implements it differently. Probably in a pre-SysV or BSD way, not
> POSIX 2001

The module doesn't fully document how the function may behave, but
it's not violating the standard in behavior.

> Both sentences are incorrect.  More correct on the moment:
>   The POSIX module provides a subset of the System Interface specification
>   POSIX 1003.1. Some of these functions directly map onto Perl functions
>   with the same name (but often more powerful behavior) and many will
>   croak because they are not relevant to Perl.
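
Added example, not part of the original message and not code from Perl or the POSIX module: a small C model of the real, effective and saved user IDs, comparing setuid(2) called with privilege against a change of the real uid only. It assumes that privilege means effective uid 0 and that assigning to `$<` behaves like `setreuid(uid, -1)`; the uids are constructed.

```c
#include <stdio.h>

/* Model of a process's user IDs: real, effective, saved set-user-ID. */
struct cred { int ruid, euid, suid; };

/* POSIX setuid(2): with privilege (modelled as euid 0) all three IDs change;
 * otherwise only the effective ID moves, and only to ruid or suid. */
int model_setuid(struct cred *c, int uid) {
    if (c->euid == 0) { c->ruid = c->euid = c->suid = uid; return 0; }
    if (uid == c->ruid || uid == c->suid) { c->euid = uid; return 0; }
    return -1; /* EPERM */
}

/* Assumption: "$< = uid" modelled as setreuid(uid, -1). The real ID changes,
 * the effective ID is untouched and is copied into the saved ID. */
int model_set_real_only(struct cred *c, int uid) {
    if (c->euid != 0 && uid != c->ruid && uid != c->euid) return -1;
    c->ruid = uid;
    c->suid = c->euid;
    return 0;
}

/* seteuid(2): an unprivileged caller may only pick ruid, euid or suid. */
int model_seteuid(struct cred *c, int uid) {
    if (c->euid != 0 && uid != c->ruid && uid != c->euid && uid != c->suid)
        return -1;
    c->euid = uid;
    return 0;
}

/* 1 if the process still is, or can again become, effective uid 0. */
int can_be_root(struct cred c) {
    return c.euid == 0 || model_seteuid(&c, 0) == 0;
}

/* Start as root (0,0,0), "drop" to target, report whether root remains. */
int after_setuid(int target) {
    struct cred c = {0, 0, 0};
    model_setuid(&c, target);
    return can_be_root(c);
}
int after_real_only(int target) {
    struct cred c = {0, 0, 0};
    model_set_real_only(&c, target);
    return can_be_root(c);
}

int main(void) {
    printf("setuid(1000): root reachable = %d\n", after_setuid(1000));
    printf("real uid only: root reachable = %d\n", after_real_only(1000));
    return 0;
}
```

The unprivileged branch of `model_setuid` covers the other case: a process with IDs (1000, 500, 500) that calls setuid(1000) changes only its effective ID and keeps saved ID 500, so it can switch back.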


