It seems that the following example from the perlsec man page (5.6.0)
ignores saved uid (SUID) and thereby does not work on linux (or solaris and
other systems that implement _POSIX_SAVED_IDS feature)
use English;
my @temp = ($EUID, $EGID);
$EUID = $UID;
$EGID = $GID; # initgroups() also called!
# Make sure privs are really gone
($EUID, $EGID) = @temp;
die "Can't drop privileges"
unless $UID == $EUID && $GID eq $EGID;
# ^^^ always dies here, since $EUID=$UID succeeds on linux
I replaced the $EGID = $UID; $EGID = $GID; part with
use English;
require "syscall.ph";
# do setgid first, since it only sets SGID to $GID, if _EUID_ is 0
syscall(&SYS_setgid, $GID) == 0 or
die "unable to setgid($gid)";
# setuid also sets SUID to $UID, if _EUID_ is 0
syscall(&SYS_setuid, $UID) == 0 or
die "unable to setsid($uid)";
after reading man 2 setuid
Under Linux, setuid is implemented like the POSIX version
with the _POSIX_SAVED_IDS feature. This allows a setuid
(other than root) program to drop all of its user privi�
leges, do some un-privileged work, and then re-engage the
original effective user ID in a secure manner.
If the user is root or the program is setuid root, special
care must be taken. The setuid function checks the effec�
tive uid of the caller and if it is the superuser, all
process related user ID's are set to uid. After this has
occurred, it is impossible for the program to regain root
privileges.
Thus, a setuid-root program wishing to temporarily drop
root privileges, assume the identity of a non-root user,
and then regain root privileges afterwards cannot use
setuid. You can accomplish this with the (non-POSIX, BSD)
call seteuid.
Perhaps a little update for the man page would be in order?
-- v --
[EMAIL PROTECTED]
