I'm working to improve ASSP's support for *nix environments. (ASSP is an anti-spam SMTP proxy.) One of the important features is to be able to run as non-root after we start listening on port 25. I know how to switch euid with $>, but I had a couple of questions for those wiser than I.

First, is it important to switch $< as well (i.e. real uid)? It might be nice to preserve $< so I can switch back to root if they kill -HUP and I need to switch ports. But in the event of a Perl-based vulnerability and I changed $> but not $< I suppose the clever hacker would switch $> back if possible. So I probably need to do that, right?

Secondly, do I need to give the option to switch $) and $( as well (effective and real group id)? I suppose root group might be able to do something a hacker shouldn't, even after they've lost root euid, right? Furthermore $) can return a list -- if I do something like $)=$gid; die "aaack!" if $) ne $gid; would it work?

Finally, this code has to have been written 1000 times, but I couldn't find it anywhere. Can someone point me to an open-source Perl server daemon that I can swipe code from? Or perhaps paste in their prized nugget from their own project with permission to recycle?

Thanks tons,
John
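
An added example, not part of the original post and not ASSP code: one way to drop root permanently after binding port 25, covering the real, effective and saved IDs plus the supplementary groups the post asks about. The account name `nobody` and the function name `drop_privileges` are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use POSIX qw(setuid setgid getuid geteuid getgid getegid getgroups);
use IO::Socket::INET;

# Hypothetical service account; a real daemon would read this from its config.
my $run_as = 'nobody';

sub drop_privileges {
    my ($user) = @_;
    my ($uid, $gid) = (getpwnam($user))[2, 3];
    defined $uid or die "unknown user '$user'\n";
    die "refusing to 'drop' to uid 0 or gid 0\n" if $uid == 0 || $gid == 0;

    # Groups first: after the uid change we no longer have the right to.
    # Assigning "$gid $gid" sets the effective gid and passes a one-entry
    # list to setgroups(), discarding root's supplementary groups.
    $! = 0;
    $) = "$gid $gid";
    die "cannot set groups: $!\n" if $!;

    # Called as root, setgid()/setuid() change the real, effective AND saved
    # IDs, so there is nothing left to switch back to.
    defined setgid($gid) or die "setgid($gid): $!\n";
    defined setuid($uid) or die "setuid($uid): $!\n";

    # Verify with the POSIX getters. Reading $) yields "egid grp1 grp2 ...",
    # so a plain `$) ne $gid` test is a string compare against that list.
    die "gid not dropped\n" unless getgid() == $gid && getegid() == $gid;
    die "uid not dropped\n" unless getuid() == $uid && geteuid() == $uid;
    die "extra groups remain\n" if grep { $_ != $gid } getgroups();

    # A permanent drop must not be reversible.
    die "root can still be regained\n" if defined setuid(0) || geteuid() == 0;
    return 1;
}

unless (caller) {
    # Bind the privileged port while still root, then give root up.
    my $listener = IO::Socket::INET->new(
        LocalPort => 25, Listen => 5, ReuseAddr => 1,
    ) or die "bind to port 25: $!\n";
    drop_privileges($run_as);
    print "listening on 25 as uid ", geteuid(), " gid ", getegid(), "\n";
}
```

Because the drop is permanent, reopening a privileged port on HUP is not possible from this process; that needs a re-exec by a root parent or a socket handed in by a supervisor.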


In reply to Changing user and GROUP id for security? by jhanna
