Re: discarding root privileges in suid perl



>>>>> "Miquel" == Miquel van Smoorenburg <miquels@cistron.nl> writes:

    Miquel> In article <84lmvpg3bz.fsf@snoopy.apana.org.au>, Brian May
    Miquel> <bam@debian.org> wrote:
    >> According to "man perlsec", line 300+, the following code
    >> should destroy extra privileges in a suid root perl script:
    >> 
    >> $EUID = $UID; $EGID = $GID; # initgroups() also called!

    Miquel> You need to 'use English' for the $EUID etc variables to
    Miquel> work.  Otherwise use $>, $<, etc. See 'man perlvar'

Already done. I also use strict, to ensure mistakes like this cannot
happen.

As for this problem, I suspect perl or libc6 might be caching the old
permissions somewhere, but I don't understand how or why.

Otherwise, it should normally be impossible for a non-root program (i.e.
UID!=root and EUID!=root) to suddenly obtain root privileges.
-- 
Brian May <bam@debian.org>
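
A process whose real and effective uid are both non-root can still regain root when its saved set-user-ID is 0, and `$EUID = $UID` changes only the effective uid. The Perl script below is an added example, not code from this thread or from perlsec; it assumes Linux (`/proc/self/status`) and a start with real uid = invoking user and effective/saved uid = 0, and `kernel_ids`, `show` and `drop_for_good` are hypothetical helper names.

```perl
#!/usr/bin/perl
# Added example, not from the thread. Assumes Linux (/proc) and a set-uid-root
# start: real uid = invoking user, effective uid = saved uid = 0.
use strict;
use warnings;
use English qw(-no_match_vars);
use POSIX ();

# (real, effective, saved) ids as the kernel reports them; $field is Uid or Gid.
sub kernel_ids {
    my ($field) = @_;
    open my $fh, '<', '/proc/self/status' or die "/proc/self/status: $!";
    while (my $line = <$fh>) {
        return (split ' ', $1)[0 .. 2] if $line =~ /^$field:\s+(.+)/;
    }
    die "no $field line in /proc/self/status";
}

sub show { printf "%-22s uid r/e/s = %s\n", $_[0], join '/', kernel_ids('Uid') }

# Permanent drop: groups and gid first (they need euid 0), uid last.
sub drop_for_good {
    my ($uid, $gid) = @_;
    $EGID = "$gid $gid";                  # sets egid and setgroups() to just $gid
    defined POSIX::setgid($gid) or die "setgid($gid): $!";
    defined POSIX::setuid($uid) or die "setuid($uid): $!";
    # Verify against the kernel, not against Perl's own variables.
    my @u = kernel_ids('Uid');
    my @g = kernel_ids('Gid');
    die "uid drop incomplete: @u" if grep { $_ != $uid } @u;
    die "gid drop incomplete: @g" if grep { $_ != $gid } @g;
    die "root can still be regained" if $uid != 0 && defined POSIX::setuid(0);
    return 1;
}

my $uid = $UID;
my $gid = (split ' ', $GID)[0];           # $GID lists all groups; first is the real gid
show('at start');

if ($EUID == 0 && $uid != 0) {
    $EUID = $uid;                         # temporary drop: effective uid only
    show('after $EUID = $UID');           # saved uid is still 0 here
    $EUID = 0;                            # succeeds because the saved uid is 0
    show('after $EUID = 0');
}

drop_for_good($uid, $gid);
show('after drop_for_good');
```

Run without privileges, the script prints three identical ids throughout and the middle section is skipped; the saved uid column only differs when the process really starts with effective uid 0.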
