[Bug 576984] Re: Swapping UID and EUID fails in perl scripts

Tue, 21 Sep 2010 03:42:01 -0700 

The following code change fixes the problem with perl 5.10 .1. The above
script now gives this output:

Testing perl version 5.010001
Initially         UID = 1020, EUID = 1021

After        swap UID = 1021, EUID = 1020

After double swap UID = 1020, EUID = 1021

PLEASE FIX THE DISTRIBUTED VERSION IN UBUNTU 10.4.

In mg.c use setresuid by preference if it is available and set the saved
uid (3rd argument) to the other value so that both values (real and
effective) are always present among the 3 values the system knows (real,
effective and saved).

    case '<':
                PL_uid = SvIV(sv);
                if (PL_delaymagic)
                {
                        PL_delaymagic |= DM_RUID;
                        break;                          /* don't do magic till 
later */
                }

#ifdef HAS_SETRESUID
                {
                        Uid_t Curr_uid = getuid();
                        Uid_t Curr_euid = geteuid();
                        Uid_t saved_Uid = (Curr_uid != (Uid_t)PL_uid) ? 
Curr_uid :  Curr_euid;
                        (void)setresuid((Uid_t)PL_uid, (Uid_t)-1, saved_Uid);
                }
#else
#ifdef HAS_SETRUID
                (void)setruid((Uid_t)PL_uid);
#else
#ifdef HAS_SETREUID
                (void)setreuid((Uid_t)PL_uid, (Uid_t)-1);
#else
                if (PL_uid == PL_euid)
                {               /* special case $< = $> */
#ifdef PERL_DARWIN
                   /* workaround for Darwin's setuid peculiarity, cf [perl 
#24122] */
                        if (PL_uid != 0 && PerlProc_getuid() == 0)
                        {
                                (void)PerlProc_setuid(0);
                        }
#endif
                        (void)PerlProc_setuid(PL_uid);
                }
                else
                {
                        PL_uid = PerlProc_getuid();
                        Perl_croak(aTHX_ "setruid() not implemented");
                }
#endif
#endif
#endif
                PL_uid = PerlProc_getuid();
                PL_tainting |= (PL_uid && (PL_euid != PL_uid || PL_egid != 
PL_gid));
                break;
    case '>':
                PL_euid = SvIV(sv);
                if (PL_delaymagic)
                {
                        PL_delaymagic |= DM_EUID;
                        break;                          /* don't do magic till 
later */
                }
#ifdef HAS_SETRESUID
                {
                        Uid_t Curr_uid = getuid();
                        Uid_t Curr_euid = geteuid();
                        Uid_t saved_Uid = (Curr_euid != (Uid_t)PL_euid) ? 
Curr_euid :  Curr_uid;
                        (void)setresuid((Uid_t)-1, (Uid_t)PL_euid, saved_Uid);
                }
#else
#ifdef HAS_SETEUID
                (void)seteuid((Uid_t)PL_euid);
#else
#ifdef HAS_SETREUID
                (void)setreuid((Uid_t)-1, (Uid_t)PL_euid);
#else
                if (PL_euid == PL_uid)          /* special case $> = $< */
                {
                        PerlProc_setuid(PL_euid);
                }
                else
                {
                        PL_euid = PerlProc_geteuid();
                        Perl_croak(aTHX_ "seteuid() not implemented");
                }
#endif
#endif
#endif

-- 
Swapping UID and EUID fails in perl scripts
https://bugs.launchpad.net/bugs/576984
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

Reply via email to