Re: Clues on writing a secure daemon

I suggest you to have a look at perlsec. It gives quite a few good suggestions, especially the -T (taint) flag for server programs.

Comment on Re: Clues on writing a secure daemon

Replies are listed 'Best First'.
Re^2: Clues on writing a secure daemon by n3dst4 (Scribe) on Oct 16, 2004 at 12:59 UTC
I've been reading that. And the example of dropping setuid permissions has utterly baffled me (my comments added): `my @temp = ($EUID, $EGID); # Store EUID and EGID my $orig_uid = $UID; # Store UID and GID my $orig_gid = $GID; $EUID = $UID; # Set EUID and EGID to + UID and GID $EGID = $GID; # Drop privileges $UID = $orig_uid; # Set UID and GID to.. +. themselves? $GID = $orig_gid; # Make sure privs are really gone ($EUID, $EGID) = @temp; # Set effective UID an +d GID what # they were before? He +lp! die "Can't drop privileges" unless $UID == $EUID && $GID eq $EGID; # Test UID +and GID` [download] I don't get that.	[reply] [d/l]

Replies are listed 'Best First'.

Re^2: Clues on writing a secure daemon
by n3dst4 (Scribe) on Oct 16, 2004 at 12:59 UTC

            my @temp     = ($EUID, $EGID);      # Store EUID and EGID
            my $orig_uid = $UID;                # Store UID and GID
            my $orig_gid = $GID;
            $EUID = $UID;                       # Set EUID and EGID to
+ UID and GID
            $EGID = $GID;             
            # Drop privileges
            $UID  = $orig_uid;                  # Set UID and GID to..
+. themselves?
            $GID  = $orig_gid;
            # Make sure privs are really gone
            ($EUID, $EGID) = @temp;             # Set effective UID an
+d GID what 
                                                # they were before? He
+lp!
            die "Can't drop privileges"
                unless $UID == $EUID  && $GID eq $EGID;    # Test UID 
+and GID
[download]

[reply]
[d/l]