Beefy Boxes and Bandwidth Generously Provided by pair Networks
Perl-Sensitive Sunglasses
 
PerlMonks  

Re: change process's effective uid

by Crulx (Monk)
on Feb 10, 2001 at 20:15 UTC ( #57632=note: print w/replies, xml ) Need Help??


in reply to change process's effective uid

Ahh yes. Wise question Anonymous One. Perl is far beyond using function calls for this. Why use function calls when we have variables like $< and $> ?!?!

$< or $UID
"The real user ID of this process."

$>
$EUID
"The effective uid of this process"

Thus speaks the Holy Camel Book of Knowledge Light of the World.
so...

$< = $> #set real to effective uid ($<,$>) = ($>,$<); #swap real and effective uid
Obviously, these require you to be running setuid.Go and rejoice in your new learning.
---
crulx
crulx@iaxs.net

Replies are listed 'Best First'.
Re: Re: change process's effective uid
by sierrathedog04 (Hermit) on Feb 11, 2001 at 00:28 UTC
    My related question is when it is ever safe to use suid to change the user id of an Apache Perl CGI script to a user with some administrative privileges.

    I want to use Lincoln Stein's user_manage Perl module to allow Apache users to remotely change their own passwords. Stein provides some different ways to do it. One way involves:

    Designate a directory that will hold the various password and group files, for example /etc/httpd/security. Make it owned and writable by a specially-designated "web administrator" account, for example "www". Now, running as root, change the ownership of user_manage to "www" and set its "s" bit:
    Is there any danger in doing so? My concern is that the user_manage documentation may be assuming that "everyone knows" not to engage in a particular coding practice when running suid, but I am still a beginner (<1 year Perl/Unix) and I don't know. I intend to use CGI.pm param() to parse the form variables after they are submitted, and I intend to avoid doing foolish things like
    my $form_variable = param("form_variable"); `form_variable`;

    I also will prevent users from uploading form variables which contain values other than letters and numbers. Just to be safe, I may also ban words like 'eval' and 'system' from form variables along with parentheses and backticks.

Log In?
Username:
Password:

What's my password?
Create A New User
Domain Nodelet?
Node Status?
node history
Node Type: note [id://57632]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others examining the Monastery: (2)
As of 2022-09-27 05:01 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?
    I prefer my indexes to start at:




    Results (118 votes). Check out past polls.

    Notices?