in reply to An odd failure of setuid(0)

Read up on perlvar, variables $> and $<. You can drop privileges temporarily by assigning to $> (effective uid of the process), but if you assign to $< (real uid of the process) and $> a uid higher than 0, you don't get back to 0.
Setting $< or $> has no effect if neither real nor effective uid is 0.

#!/usr/bin/perl
print "effective: $>, real: $<\n";
$> = 111;
open(O,">foo") or die "Can't write foo: $!\n";
close O or die "Can't close O: $!\n";
$> = 0;
open(O,">bar") or die "Can't write bar: $!\n";
close O or die "Can't close O: $!\n";
$> = 111 ;
# this must fail.
open(O,">bar") or warn "Can't write bar: $!\n";
# change real uid
$< = 111; # oops, forgot to set $> to 0
print "effective: $>, real: $<\n";
$< = 0; # no effect
print "effective: $>, real: $<\n";

This outputs:

effective: 0, real: 0
Can't write bar: Permission denied
effective: 111, real: 111
effective: 111, real: 111

As you see, the second change of the real uid had no effect. Let's see what's in here:

quux [gm] /tmp/foo # ls -l
total 4
-rw-r--r-- 1 root root   0 2006-06-26 02:31 bar
-rw-r--r-- 1 111  root   0 2006-06-26 02:31 foo
-rw-r--r-- 1 root root 338 2006-06-26 02:29 setuid.pl

Where do you get the function setuid from? Can't find that in my perlfunc...

update: ah, POSIX.

setuid
    Sets the real user identifier and the effective user identifier for this process. Similar to assigning a value to the Perl's builtin $< variable, see "$UID" in perlvar, except that the latter will change only the real user identifier.

--shmem

_($_=" "x(1<<5)."?\n".q·/)Oo.  G°\        /
                              /\_¯/(q    /
----------------------------  \__(m.====·.(_("always off the crowd"))."·
");sub _{s./.($e="'Itrs `mnsgdq Gdbj O`qkdq")=~y/"-y/#-z/;$e.e && print}
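An added example, not part of the thread: a permanent privilege drop that sets real and effective ids together with POSIX::setuid/setgid, as described in the post above, and then verifies that root cannot be regained. It assumes the script starts as root; uid 111 is reused from the post, gid 111 and the helper name drop_privileges are assumptions.

```perl
#!/usr/bin/perl
# Added example: permanent privilege drop with verification.
use strict;
use warnings;
use POSIX qw(setuid setgid);

# drop_privileges() is a hypothetical helper name, not code from the thread.
sub drop_privileges {
    my ($uid, $gid) = @_;
    die "refusing to 'drop' to uid 0\n" if $uid == 0;
    die "must start as root (effective uid is $>)\n" unless $> == 0;

    # Groups first: once the uid is gone we may no longer change them.
    # "$gid $gid" sets the effective gid and reduces the supplementary
    # group list to $gid alone (see $) in perlvar).
    $) = "$gid $gid";
    setgid($gid) or die "setgid($gid) failed: $!\n";

    # POSIX::setuid changes real and effective uid in one call, unlike
    # assigning to $< or $> separately. On Linux, when called as root,
    # setuid(2) also replaces the saved set-user-ID.
    setuid($uid) or die "setuid($uid) failed: $!\n";

    # Verify every id; never assume the calls above took effect.
    die "uid not dropped (real $<, effective $>)\n"
        unless $< == $uid && $> == $uid;
    die "gid not dropped\n" unless $( == $gid && $) == $gid;
    my @stray = grep { $_ != $gid } split ' ', $);
    die "supplementary groups left: @stray\n" if @stray;

    # A permanent drop means this attempt to regain root must fail.
    $> = 0;
    die "privileges can still be regained (effective uid is 0)\n" if $> == 0;
    return 1;
}

drop_privileges(111, 111);   # 111 as in the post; gid 111 is an assumption
print "effective: $>, real: $<\n";
```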

Re^2: An odd failure of setuid(0)
by Llew_Llaw_Gyffes (Scribe) on Jun 26, 2006 at 00:59 UTC

    Oh, sorry. setuid() is from POSIX.pm.  I omitted the script header, which includes "use POSIX qw(setuid);"

    I actually think maybe I shot myself in the foot here by trying to do setuid operations that were probably unnecessary since I was already running with setuid/setgid bits.  A case of overthinking the problem.

      Including all relevant parts of a script is always a good idea.. ;-)

      cheers,
      --shmem
