Front page | perl.perl5.porters |
Postings from September 2011
On Mon Sep 12 09:39:58 2011, cmadams@hiwaay.net wrote:
> [Please enter your report here]
> Setting a user/group ID by assigning to the perl special variables
> does
> not clear $!, so confusing errors can occur. This test program fails
> on
> 5.8.8 (RHEL 5) and 5.12.4 (Fedora Linux 15):
>
> ########################################################################
> #!/usr/bin/perl
>
> use warnings;
> use strict;
>
> my @foo = stat ("/does/not/exist");
> my $gid = $( + 0;
> $( = $gid;
> die "setgid($gid): $!\n" if ($!);
> ########################################################################
>
> I get "setgid(1000): No such file or directory". If I take out the
> stat() or add a "$! = undef" after the stat(), the script runs as
> expected.
First of all, that is exactly what you should expect. Succeeding system
calls do not set errno, only failing ones do. If you want to check for
an error by using $!, you should set it to 0 before setting $(.
Secondly, what you're doing is completely wrong. You're setting the real
GID but not the effective GID, thus not dropping privileges at all. Try
POSIX' setuid/setgid, or better yet something like Unix::SetUser or
Proc::UID.
Leon Timmermans
Thread Previous
|
Thread Next