Mon Dec 20 08:24:13 2010: Request 63801 was acted upon.
Transaction: Correspondence added by arost
Queue: PAR-Packer
Subject: setuid pp'ed scripts: 1st invocation fails, 2nd+ call ok
Broken in: 1.008
Severity: Wishlist
Owner: Nobody
Requestors: bitc...@post2.25u.com
Status: open
Ticket <URL: https://rt.cpan.org/Ticket/Display.html?id=63801 >
On Mon Dec 20 07:51:04 2010, roderich.sch...@googlemail.com wrote:
> On Mon, Dec 20, 2010 at 12:28 PM, Alexander Ost via RT
> > 3/ it seems that PAR tries to put some file into the cache at a later
> > point during the program's lifetime
>
> Correct. Some stuff will only be extracted on demand.
I just verified that (as suspected) this breaks any script that changes its
effective
uid during runtime, because it leads to ownership clashes in the cache
directory.
No matter if the change is due to setuid or because of some the script itself
changes
the id.
So... is there
a) any way to "request" that the whole archive is extracted *completely* into
the cache?
or
b) what would you think about a solution where all cache entry access (esp
writing) is
ONLY done with the real user id, not the effective user id?
Cheers/alex
