$< = $runuid;
Also see POSIX::setuid
After Compline,
Zaxo | [reply]
[d/l] |
You can drop privilidges by assigning to $<, $>, $( and $), which stand for the UID,
EUID, GID and EGID of the program. You could also use
POSIX::setuid and POSIX::setgid.
You may want to check out the perlsec and perlvar manual
pages, the POSIX module, Stevens' Advanced Programming
in the UNIX environment, and the relevant manuals on
your system.
Abigail | [reply]
[d/l]
[select] |
Thanks both, I'll look into doing this. (forgot to login before i posted)
| [reply] |
Or you could just use a higher port like say... 8080 or was it 8008, and that way you wouldn't even need to launch your server task as root. Any one here remember what port EOTL mud used? My fav back in the day.
| [reply] |
I would recommend writing a very short application to open port 23, switch UIDs, then exec your real server. That means your only root security risks are in the listener program; once the other program has started, there's no way to get back root status. Plus, it's easy to give a thorough security audit to a 56-line program.
Speaking of 56-line programs,
The other thing I would strongly recommend is that you write your server with perl's taint-checking (-T) switch. It's no substitute for a secure mindset, but it catches many types of silly errors and many more subtle errors. It makes sure any data coming from the user is sanitized before it's used for anything dangerous.
| [reply]
[d/l]
[select] |