develooper Front page | perl.perl5.porters | Postings from February 2011

Re: setuid and serious trouble (Re: Time to update POSIX.pm?)

Thread Previous | Thread Next
From:
Leon Timmermans
Date:
February 3, 2011 07:31
Subject:
Re: setuid and serious trouble (Re: Time to update POSIX.pm?)
Message ID:
AANLkTimVW=-RtvL0LBGkmqe5jsmXwUPd9Ri-SACY3TLO@mail.gmail.com
On Thu, Feb 3, 2011 at 2:56 PM, Tom Christiansen <tchrist@perl.com> wrote:
> Looking at manpages on a couple of BSD systems (OpenBsd and Darwin),
> Solaris, and Linux, it begins to look like there may be some convergence
> at least amongst those three/four.  I include the three relevant manpage
> sections from those respective systems below by signature.

There is consensus on what to do «If the process has appropriate
privileges»: change all IDs. Other than superuser status there isn't
consensus on when a process has those privileges (check freebsd for an
implementation that disagrees even more than the ones you've listed).
Also the BSD's don't seem to conform to the unpriviliged case.

setuid makes sense if you have (root) privileges and want to
permanently revoke them (you can't do that with $< or $> because
neither will set the saved user ID on OSes that support that). If you
want a temporary suspension of your permissions seteuid (in other
words, $>) is what you want 98% of the time, if only because its
semantics are much better defined. Swapping effective and real user
IDs (setreuid) makes sense only if your OS is too ancient to support
saved IDs. Same logic applies to setgid & friends.

Leon

Thread Previous | Thread Next


nntp.perl.org: Perl Programming lists via nntp and http.
Comments to Ask Bjørn Hansen at ask@perl.org | Group listing | About