Hi,

Richard Shaw wrote on 2017-03-29 13:38:16 -0500 [[BackupPC-devel] Inherited 
patch question]:
> [...]
> $ cat rpmbuild/BackupPC/SOURCES/BackupPC-4.0.0-fix-shadow-access.patch
> [...]
> -           && $> != (my $uid = (getpwnam($Conf{BackupPCUser}))[2]) ) {
> +           && $> != (my $uid = (getpwnam($Conf{BackupPCUser}))) ) {
> [...]
> What's the effect of removing the [2] from these?

well, in theory (and practise, at least on my local system here) getpwnam
returns something like 'split /:/, $passwd_line' in list context and the
uid in scalar context. The third element (index [2]) of the split would
also be the uid, which explains why the two lines can be equivalent, even
though they seem very different.

>From the *name* of the patch, I would guess that there might be a potential
problem on systems with shadow passwords in some cases, though I can't see
one here on my system. I could *imagine* though, that there might be systems
that differ.

A closer look reveals the following:

        % perl -e 'my @p = getpwnam "foo"; print ">", (join ",", @p), "<\n";'
        foo,x,1234,1234,,,Holger Parplies,/home/foo,/bin/tcsh
        # perl -e 'my @p = getpwnam "foo"; print ">", (join ",", @p), "<\n";'
        foo,<my-hashed-password>,1234,1234,,,Holger Parplies,/home/foo,/bin/tcsh

(no, my user name is not "foo" and my uid is not 1234 ;-), so my Perl (or
rather getpwnam(3)) merges in the shadow password, privilege permitting.
Although I can't find any hint in the documentation, I could imagine that
the attempt to do so could trigger unwanted behaviour (e.g. an audit log or
even termination of the process) under some security systems, depending on
how the determination of "privilege permitting" might be implemented.

In any case, I would *hope* that the scalar context case would be slightly
more efficient, because the unneeded information in the additional array
elements not corresponding to /etc/passwd fields ($quota, $comment, $expire)
does not need to be retrieved.

For an explanation of the getpwnam function look at 'perldoc -f getpwuid'
(strangely, 'perldoc -f getpwnam' is not very helpful, at least on some
systems ;-).

Regards,
Holger

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
BackupPC-devel mailing list
BackupPC-devel@lists.sourceforge.net
List:    https://lists.sourceforge.net/lists/listinfo/backuppc-devel
Wiki:    http://backuppc.wiki.sourceforge.net
Project: http://backuppc.sourceforge.net/

Reply via email to