in reply to Re: Not understanding the code to drop privileges in perlsec
in thread Not understanding the code to drop privileges in perlsec

Thank you very much!

Of course, I have studied the docs before asking here, and have read the relevant portions of perlvar. The leading E and U and G were clear so far :-)

However, the problem is that perlvar does not state how an assignment to these variables is implemented behind the scenes. At the API level, there is a myriad of functions that could be used, some of them only altering EUID / EGID, some of them (potentially) altering UID / GID at the same time, some of them exchanging EUID vs UID, and so on. perlvar also tells that it uses a syscall to implement the assignments, but does not tell which syscall that is.

Also, despite intensive tests, I have never encountered a situation where $UID / $GID were different from $orig_UID / $orig_GID at line 7, so I don't understand the sense of this assignment and how it drops privileges.

Replies are listed 'Best First'.
Re^3: Not understanding the code to drop privileges in perlsec
by talexb (Chancellor) on Feb 22, 2024 at 20:39 UTC
      Also, despite intensive tests, I have never encountered a situation where $UID / $GID were different from $orig_UID / $orig_GID at line 7, so I don't understand the sense of this assignment and how it drops privileges.

    That may be more of a Linux/Unix question than a Perl question -- and it's nothing I can help you with. :) Good luck!

    Alex / talexb / Toronto

    Thanks PJ. We owe you so much. Groklaw -- RIP -- 2003 to 2013.

[reply]

In Section Seekers of Perl Wisdom