there's a huge problem with the way that perl uses and expects the
$< and $> variables, and the interaction with the [sg]et*id() calls.
under 4.4BSD, the set userid (and group id) concept works as follows:
each process has 3 uid's about it. the real user id, the effective
user id and the saved set user id. of these three, only the effective
user id is subject to 'random' change -- all three are changed in a
setuid() call. thus, calls to getuid() _always_ return the real user
id -- that is, the user id of the person who ran the program. the
global perl variable 'uid' (along with 'euid', and the group ones) is
set at the end of code handling assignment to $< like this:
uid = getuid()
so, this uid is _always_ the real user id. unless there has been a
call to setuid(), this will never change. ie, setting $< is basically
useless -- it does not change anything, anywhere.
when you assign to $>, then, seteuid() is called. this works, and
lets you change between the saved user id and the real user id as it
should.
now, the problem arrises in trying to set the real user id to be the
same as the effective user id -- the $< = $> trick -- calling setuid().
the code that checks this in $> and $< assignment uses:
if (touid == euid)
or
if (toeuid == uid)
to test for this case. neither of these can work. if you assign to
$< first, then, it's value will not have changed, so, when next
assigning to $>, the test from above fails, and, it will not call
seteuid(). if you assign to $> first, and you're running a setuid
root program, then, you've given away the ability to call setuid()
because the effective userid of the program is not root -- and the
call to setuid() fails.
at least, i think that's what i worked out happening.
i'm not sure what to do to solve this. any one have ideas?
.mrg.
$< and $> variables, and the interaction with the [sg]et*id() calls.
under 4.4BSD, the set userid (and group id) concept works as follows:
each process has 3 uid's about it. the real user id, the effective
user id and the saved set user id. of these three, only the effective
user id is subject to 'random' change -- all three are changed in a
setuid() call. thus, calls to getuid() _always_ return the real user
id -- that is, the user id of the person who ran the program. the
global perl variable 'uid' (along with 'euid', and the group ones) is
set at the end of code handling assignment to $< like this:
uid = getuid()
so, this uid is _always_ the real user id. unless there has been a
call to setuid(), this will never change. ie, setting $< is basically
useless -- it does not change anything, anywhere.
when you assign to $>, then, seteuid() is called. this works, and
lets you change between the saved user id and the real user id as it
should.
now, the problem arrises in trying to set the real user id to be the
same as the effective user id -- the $< = $> trick -- calling setuid().
the code that checks this in $> and $< assignment uses:
if (touid == euid)
or
if (toeuid == uid)
to test for this case. neither of these can work. if you assign to
$< first, then, it's value will not have changed, so, when next
assigning to $>, the test from above fails, and, it will not call
seteuid(). if you assign to $> first, and you're running a setuid
root program, then, you've given away the ability to call setuid()
because the effective userid of the program is not root -- and the
call to setuid() fails.
at least, i think that's what i worked out happening.
i'm not sure what to do to solve this. any one have ideas?
.mrg.