Brent Welch wrote:
> Umm - this implies that you are calling "setuid" with no arguments -
> in that case, what are you trying to accomplish? With your modifications
> the command will do nothing in this case.
> The "60001" value is a solaris-ism - its standard "nobody" account.
>
> >>>Orion said:
> > I was trying to use setuid and I kept getting a userid of 60001. Looking
> > at the code I found the reason.
> >
> > uid = 60001;
> > if (argc > 1) {
> > Tcl_GetInt(interp, argv[1], &uid); /* new user id */
> > }
> > if (setuid((uid_t)uid) < 0) {
> > Tcl_AppendResult(interp, "setuid: ", Tcl_PosixError(interp),
> > NULL);
> > return TCL_ERROR;
> > }
> > return TCL_OK;
> >
> > this works a lot better as
> >
> > uid = 60001;
> > if (argc > 1) {
> > Tcl_GetInt(interp, argv[1], &uid); /* new user id */
> > if (setuid((uid_t)uid) < 0) {
> > Tcl_AppendResult(interp, "setuid: ", Tcl_PosixError(interp),
> > NULL);
> > return TCL_ERROR;
> > }
> > }
> > return TCL_OK;
> >
> > --
> > Orion Robillard <[EMAIL PROTECTED]>
> > Smith & Wesson: The original point-and-click interface.
> >
>
> -- Brent Welch <[EMAIL PROTECTED]>
> http://www.ajubasolutions.com
> Scriptics changes to Ajuba Solutions
> scriptics.com => ajubasolutions.com
The second implementation is a big security hole for those working on Unix and
who do not provide a UID.
The first implementation as under 3.0.2 and 3.0.3 is just fine.
In each case it would be fine if httpd.tcl would print out the uid during
startup, so administrators do not have to guess.
The best whould be indirectly by creating a file and showing its access
rights.
--
#-------With best regards, Mit freundlichen Gruessen, Met vriendelijke groet,
------
# Piet Vloet
# Siemens AG Austria
# Boschstrasse 10 Phone : +43-51707-42906
# A-1190 Vienna Fax : +43-51707-52606
# mailto:[EMAIL PROTECTED] WWW:http://www.siemens.at
