From: Jeremy Muhlich <[EMAIL PROTECTED]>
Date: Fri, 20 Jan 2006 12:02:20 -0500
On Thu, 2006-01-19 at 22:25 -0500, Bob Rogers wrote:
> Frequently I need to execute certain portions of the code (e.g that
> creates files / directories) with the user's permission. I am not sure
> how to do this in perl. Currently I am doing something like:
>
> I've never needed this myself, but if I did, I'd probably try $< and $>
I believe you'd want $> , the effective uid. A process running as root
isn't permitted to change the real uid to another user and then back to
root, so $< wouldn't work here unless you fork first.
-- Jeremy
Yes, but if $> can't be localized, one might want to use one of the
examples presented under $> to get back, e.g. "$> = $<;".
Never mind; I just tested, and localization works just fine:
rgrjr:~ # cat test-euid.pl
#! /usr/bin/perl -w
use strict;
system('id');
{
local $> = 500;
system('id');
}
system('id');
rgrjr:~ # ./test-euid.pl
uid=0(root) gid=0(root) groups=0(root)
uid=0(root) gid=0(root) euid=500(rogers) groups=0(root)
uid=0(root) gid=0(root) groups=0(root)
rgrjr:~ #
Interestingly, localizing $< also works, and is restored back to root
(so the last line printed is the same), presumably because the EUID is
still root. The same thing goes for localizing $< and then $>. Only
localizing first $> and then $< fails to change either UID back.
And I'm told the exact details of this behavior vary from one OS to
another, even for ones that are POSIX-compliant. No wonder it's so hard
to write code that is both portable and secure.
-- Bob
_______________________________________________
Boston-pm mailing list
[email protected]
http://mail.pm.org/mailman/listinfo/boston-pm
