Beefy Boxes and Bandwidth Generously Provided by pair Networks
go ahead... be a heretic
 
PerlMonks  

Re: Not understanding the code to drop privileges in perlsec

by talexb (Chancellor)
on Feb 22, 2024 at 05:28 UTC ( [id://11157833]=note: print w/replies, xml ) Need Help??


in reply to Not understanding the code to drop privileges in perlsec

The documentation you probably need is here, and is referred to in the English module. The leading E is Effective; U is User and G is Group. ID is the Linux user or group id. The documentation link should tell you what you need to know about the difference between the effective and the real IDs.

Alex / talexb / Toronto

Thanks PJ. We owe you so much. Groklaw -- RIP -- 2003 to 2013.

  • Comment on Re: Not understanding the code to drop privileges in perlsec

Replies are listed 'Best First'.
Re^2: Not understanding the code to drop privileges in perlsec
by Nocturnus (Beadle) on Feb 22, 2024 at 19:07 UTC

    Thank you very much!

    Of course, I have studied the docs before asking here, and have read the relevant portions of perlvar. The leading E and U and G were clear so far :-)

    However, the problem is that perlvar does not state how an assignment to these variables is implemented behind the scenes. At the API level, there is a myriad of functions that could be used, some of them only altering EUID / EGID, some of them (potentially) altering UID / GID at the same time, some of them exchanging EUID vs UID, and so on. perlvar also tells that it uses a syscall to implement the assignments, but does not tell which syscall that is.

    Also, despite intensive tests, I have never encountered a situation where $UID / $GID were different from $orig_UID / $orig_GID at line 7, so I don't understand the sense of this assignment and how it drops privileges.

        Also, despite intensive tests, I have never encountered a situation where $UID / $GID were different from $orig_UID / $orig_GID at line 7, so I don't understand the sense of this assignment and how it drops privileges.

      That may be more of a Linux/Unix question than a Perl question -- and it's nothing I can help you with. :) Good luck!

      Alex / talexb / Toronto

      Thanks PJ. We owe you so much. Groklaw -- RIP -- 2003 to 2013.

Log In?
Username:
Password:

What's my password?
Create A New User
Domain Nodelet?
Node Status?
node history
Node Type: note [id://11157833]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this?Last hourOther CB clients
Other Users?
Others avoiding work at the Monastery: (6)
As of 2024-04-23 13:16 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    No recent polls found