Your message dated Thu, 24 Apr 2008 08:36:46 +0300
with message-id <[EMAIL PROTECTED]>
and subject line Re: Bug#213980: perl: POSIX::setuid broken in 5.6.1, fixed in
5.8
has caused the Debian Bug report #213980,
regarding perl: POSIX::setuid broken in 5.6.1, fixed in 5.8
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [EMAIL PROTECTED]
immediately.)
--
213980: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=213980
Debian Bug Tracking System
Contact [EMAIL PROTECTED] with problems
--- Begin Message ---
Package: perl
Version: 5.6.1-8.3
Severity: normal
Hi,
POSIX::setuid is broken in 5.6.1-8.3,
it only set the run uid. :
root@> ps xf -eo pid,ppid,uid,euid,fuid,fsuid,svuid,suid,ruid,ucmd |grep logg
22023 1 0 0 0 0 0 0 65534 logger.pl
on perl 5.8 :
22706 1 65534 65534 65534 65534 65534 65534 65534 logger.pl
small fix :
# this line is the only necessary in perl 5.8
setuid('65534') || die "can't setuid to nobody : $!";
# useless in both cases ?
# setgid('65534') || die "can't setgid to nobody : $!";
# tried POSIX::setuid too. same thing than use POSIX; setuid(....
# next 2 lines necessary in 5.6.1
$< = 65534 || die "can't setuid to nobody : $!";
$> = 65534 || die "can't setuid to nobody : $!";
$( = 65534 || die "can't setuid to nobody : $!";
$) = 65534 || die "can't setuid to nobody : $!";
PID PPID UID EUID FUID FSUID SVUID SUID RUID CMD
22146 1 65534 65534 65534 65534 0 0 65534 logger.pl
(forgot to list gid,egid which are at 65534)
SVUID saved uid : not important i guess
suid : problematic, don't know ? (ref : man setuid, stevens :
advanced programming in unix env p.217, 8.10 changing uid and gid)
however /usr/share/doc/perl/changelog.gz says :
Make the POSIX::setuid and POSIX::setgid to really call setuid()
and setgid() because they were just changing $< and $( which means
only changing the real uid/gid, as opposed to changing both
real and effective ids. (The alternative way could have been
in POSIX.pm to change $> and $), too, but making a direct call
to the C API feels cleaner.) Fixes the bug
Subject: [ID 20000904.005] POSIX::setuid() Doesn't Call setuid()
i report this bug so that users of stable (woody) have a chance to know about
it.
-- System Information
Debian Release: 3.0
Architecture: i386
Kernel: Linux nest 2.4.21.netadmin.k7 #1 Thu Aug 21 15:36:28 EDT 2003 i686
Locale: LANG=C, LC_CTYPE=en_US
Versions of packages perl depends on:
ii libc6 2.2.5-11.5 GNU C Library: Shared libraries an
ii libdb2 2:2.7.7.0-7 The Berkeley database routines (ru
ii libgdbmg1 1.7.3-27 GNU dbm database routines (runtime
ii perl-base 5.6.1-8.3 The Pathologically Eclectic Rubbis
ii perl-modules 5.6.1-8.3 Core Perl modules.
--- End Message ---
--- Begin Message ---
Version: 5.8.0-7
On Fri, Oct 03, 2003 at 01:27:33PM -0400, xavier renaut wrote:
> Package: perl
> Version: 5.6.1-8.3
> Severity: normal
> POSIX::setuid is broken in 5.6.1-8.3,
> however /usr/share/doc/perl/changelog.gz says :
>
> Make the POSIX::setuid and POSIX::setgid to really call setuid()
> and setgid() because they were just changing $< and $( which
> means
> only changing the real uid/gid, as opposed to changing both
> real and effective ids. (The alternative way could have been
> in POSIX.pm to change $> and $), too, but making a direct call
> to the C API feels cleaner.) Fixes the bug
> Subject: [ID 20000904.005] POSIX::setuid() Doesn't Call setuid()
>
>
> i report this bug so that users of stable (woody) have a chance to know about
> it.
Marking as closed in 5.8.0.
Cheers,
--
Niko Tyni [EMAIL PROTECTED]
--- End Message ---
