Anonymous Monk has asked for the wisdom of the Perl Monks concerning the following question:

Can a Perl process change its effective uid inline, like the C statement
"setuid(getuid());"?
Thank you.

Replies are listed 'Best First'.
Re: change process's effective uid
by Crulx (Monk) on Feb 10, 2001 at 20:15 UTC
    Ahh yes. Wise question Anonymous One. Perl is far beyond using function calls for this. Why use function calls when we have variables like $< and $> ?!?!

    $< or $UID
    "The real user ID of this process."

    $> or $EUID
    "The effective uid of this process"

    Thus speaks the Holy Camel Book of Knowledge Light of the World.
    so...

    $< = $>;              # set real to effective uid
    ($<,$>) = ($>,$<);    # swap real and effective uid

    Obviously, these require you to be running setuid. Go and rejoice in your new learning.
    ---
    crulx
    crulx@iaxs.net
      My related question is when it is ever safe to use suid to change the user id of an Apache Perl CGI script to a user with some administrative privileges.

      I want to use Lincoln Stein's user_manage Perl module to allow Apache users to remotely change their own passwords. Stein provides some different ways to do it. One way involves:

      Designate a directory that will hold the various password and group files, for example /etc/httpd/security. Make it owned and writable by a specially-designated "web administrator" account, for example "www". Now, running as root, change the ownership of user_manage to "www" and set its "s" bit:
      Is there any danger in doing so? My concern is that the user_manage documentation may be assuming that "everyone knows" not to engage in a particular coding practice when running suid, but I am still a beginner (<1 year Perl/Unix) and I don't know. I intend to use CGI.pm param() to parse the form variables after they are submitted, and I intend to avoid doing foolish things like
      my $form_variable = param("form_variable");
      `$form_variable`;   # runs the submitted value as a shell command

      I also will prevent users from uploading form variables which contain values other than letters and numbers. Just to be safe, I may also ban words like 'eval' and 'system' from form variables along with parentheses and backticks.
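
An added example, not part of the post above or of user_manage: allowlist validation of a form value in a script that may run set-uid, with list-form system() in place of backticks. The helper name clean_field, the 32-character limit, the use of /bin/echo and the sample inputs are assumptions made for illustration.

```perl
#!/usr/bin/perl
# Run as "perl -T example.pl". Perl also switches taint mode on by itself
# whenever the real and effective uid ($< and $>) differ.
use strict;
use warnings;

$| = 1;    # keep our output in order with the child's output

# Fixed, minimal environment before anything external is run (perlsec idiom).
$ENV{PATH} = '/bin:/usr/bin';
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};

# Return the untainted value if it consists only of 1 to 32 ASCII letters
# or digits, otherwise undef. \A and \z anchor the whole string, so a
# trailing newline is rejected (a plain $ would accept it).
sub clean_field {
    my ($value) = @_;
    return undef unless defined $value;
    return $value =~ /\A([A-Za-z0-9]{1,32})\z/ ? $1 : undef;
}

# Constructed sample inputs standing in for param("form_variable").
my @samples = ('alice42', 'eval', 'bob;id', '`id`', "carol\n", '', 'x' x 33);

for my $raw (@samples) {
    my $ok = clean_field($raw);
    if (defined $ok) {
        # List-form system() hands the value to the program as one argument
        # and never through a shell, so 'eval' here is only data.
        system('/bin/echo', 'accepted:', $ok) == 0
            or die "echo failed: $?";
    }
    else {
        (my $shown = $raw) =~ s/\n/\\n/g;    # make the newline visible
        print "rejected: '$shown'\n";
    }
}
```

Only 'alice42' and 'eval' are accepted; the other five samples are rejected before anything external is run.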

Re: change process's effective uid
by chipmunk (Parson) on Feb 10, 2001 at 20:09 UTC
    Yes indeed. Perl does this with special variables instead of with function calls. The real uid is $<, and the effective uid is $>.

    Here's the Perl equivalent of your C statement:

    $> = $<;   # set effective uid to real uid

    See the docs for more examples, as well as the variables for gid.