Thank you for pointing me Robert
I've tried code you've sent me:
sh-2.05b# perl -wle '
($(,$)) = (80, "80 80"); die $! if $!;
($<,$>) = (80, 80); die $! if $!;
print "ruid: $<\neuid: $>\nrgid: $(\negid: $)\n" '
ruid: 80
euid: 80
rgid: 80 80
egid: 80 80
it works
So I've updated policyd-weight to use this method
Here is diff (also attached):
435c435
< my $VERBOSE = 0;
---
my $VERBOSE = 1;
460c460
< my $USER = "polw"; # User must be a username, no UID
---
my $USER = "spamd"; # User must be a username, no UID
462c462
< my $GROUP = ""; # specify GROUP if necessary
---
my $GROUP = "postfix"; # specify GROUP if necessary
871,873c871,878
< $( = $gname; if($!) { die "($<)($>) set GID to
$gname: $!"; }
<
< $) = "$gname $gname"; if($!) { die "set EGID to $gname: $!"; }
---
# $( = $gname;
($(,$)) = ($gname, "$gname $gname");
if($!) { die "($<)($>) set GID && EGID to $gname: $!"; }
# $) = "$gname $gname"; if($!) { die "set EGID to $gname: $!"; }
($<, $> )= ($uname, $uname);
if($!) { die "set UID && EUID to $uname: $!"; }
875c880
< $<=$uname; if($!) { die "set UID to $uname: $!"; }
---
# $<=$uname; if($!) { die "set UID to $uname: $!"; }
877c882
< $>=$uname; if($!) { die "set EUID to $uname: $!"; }
---
# $>=$uname; if($!) { die "set EUID to $uname: $!"; }
2338c2343
< if(!( $< = getpwnam($USER)))
---
if(!( ($<,$>) = (getpwnam($USER),getpwnam($USER))))
2344c2349
< if(!( $( = getpwnam($USER) ))
---
if(!( ($(,$)) = (getpwnam($USER),getpwnam($USER)." ".getpwnam($USER)) ))
On 11/1/06, Robert Felber <[EMAIL PROTECTED]> wrote:
Unfortunately that is not portable either, also, this does not empty the groups
you are in.
Please try following:
perl -wle '
($(,$)) = (80, "80 80"); die $! if $!;
($<,$>) = (80, 80); die $! if $!;
print "ruid: $<\neuid: $>\nrgid: $(\negid: $)\n" '
This must output following:
ruid: 80
euid: 80
rgid: 80 80
egid: 80 80
I do NOT expect that to be portable, after all, set*id - regardless which
approach one uses, is non portable, even using "use POSIX" is non portable.
However, I'll first use the above version, check for errors and then use the
current approach. If nothing works, then the OS/perl on that plattform is
highly broken.
The patch your provided may work on Mac, but outputs here:
linux redhat 7.1, kernel 2.4.25, perl 5.6:
root# perl -wle '
$(=$) = 80; die $! if $!;
$<=$> = 80; die $! if $!;
print "ruid: $<\neuid: $>\nrgid: $(\negid: $)\n" '
ruid: 80
euid: 80
rgid: 80 10 6 4 3 2 1 0
egid: 80 10 6 4 3 2 1 0
^^^^^^^^^^^^^^ Danger!
FreeBSD 6.1, perl 5.8.8:
root# perl -wle '
quote> $(=$) = 80; die $! if $!;
quote> $<=$> = 80; die $! if $!;
quote> print "ruid: $<\neuid: $>\nrgid: $(\negid: $)\n" '
Operation not permitted at -e line 3.
No comment.
435c435
< my $VERBOSE = 0;
---
> my $VERBOSE = 1;
460c460
< my $USER = "polw"; # User must be a username, no UID
---
> my $USER = "spamd"; # User must be a username, no UID
462c462
< my $GROUP = ""; # specify GROUP if necessary
---
> my $GROUP = "postfix"; # specify GROUP if necessary
871,873c871,878
< $( = $gname; if($!) { die "($<)($>) set GID to $gname: $!";
}
<
< $) = "$gname $gname"; if($!) { die "set EGID to $gname: $!"; }
---
> # $( = $gname;
> ($(,$)) = ($gname, "$gname $gname");
> if($!) { die "($<)($>) set GID && EGID to $gname: $!"; }
>
> # $) = "$gname $gname"; if($!) { die "set EGID to $gname: $!"; }
>
> ($<, $> )= ($uname, $uname);
> if($!) { die "set UID && EUID to $uname: $!"; }
875c880
< $<=$uname; if($!) { die "set UID to $uname: $!"; }
---
> # $<=$uname; if($!) { die "set UID to $uname: $!"; }
877c882
< $>=$uname; if($!) { die "set EUID to $uname: $!"; }
---
> # $>=$uname; if($!) { die "set EUID to $uname: $!"; }
2338c2343
< if(!( $< = getpwnam($USER)))
---
> if(!( ($<,$>) = (getpwnam($USER),getpwnam($USER))))
2344c2349
< if(!( $( = getpwnam($USER) ))
---
> if(!( ($(,$)) = (getpwnam($USER),getpwnam($USER)." ".getpwnam($USER)) ))
