Unix::SavedIDs

If you're on a unix of some type, chances are you have saved ids. If this is new to you, as it was to me a week ago, here's what saved ids are. You have your real uid ($<) and your effective uid ($>) and you also have this thing called your saved user id. (You also have a saved gid.) You may notice that there is no nifty perl var for your saved uid or gid. The intention of saved ids is to allow a privileged process to drop root privileges from both the real and effective ids and then be able to switch back again later.

Because there was no existing maintained perl interface to the appropriate functions, I wrote Unix::SavedIDs.

The primary application that I foresee for Unix::SavedIDs is privileged processes that want to really become unprivileged and stay that way. Said another way, if you thought you dropped root and you didn't set your saved uid and saved gid, think again.

Unix::SavedIDs is just a direct map from the C functions to perl. The interface is sparse. I'm working on Proc::SetUser (though I may rename it to Unix::SetUser) which will give a much more friendly interface.

I must acknowledge Paul Fenwick and his Proc::UID, which basically did everything in Unix::SavedIDs and Proc::SetUser and he did it in 2004. Unfortunately, it hasn't been updated since 2004 and he expressly states that it shouldn't be used in production code.

Unix::SavedIDs is currently alpha code, but I'll be using it in production a lot, so expect it to be out of alpha pretty quickly. I'll be using it on Linux and OpenBSD, primarily in perl 5.8.x.

Send email to dmartin@cpan.org, or just msg me or comment on this node.

Thank you PerlMonks!

--Pileofrogs
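
An added example, not part of the original post and not code from Unix::SavedIDs: a permanent privilege drop written against the C calls getresuid(), getresgid(), setresuid() and setresgid(), which read and set the real, effective and saved ids together. The function names `drop_privileges` and `ids_fully_dropped` are hypothetical, and the supplementary-group reset goes one step beyond what the post discusses.

```c
#define _GNU_SOURCE           /* exposes getresuid()/setresuid() on glibc */
#include <grp.h>
#include <stdio.h>
#include <unistd.h>

/* Prototypes repeated so the block compiles even when feature macros were
   fixed by an earlier include; they match the system declarations. */
int getresuid(uid_t *, uid_t *, uid_t *);
int getresgid(gid_t *, gid_t *, gid_t *);
int setresuid(uid_t, uid_t, uid_t);
int setresgid(gid_t, gid_t, gid_t);

/* Returns 1 only if real, effective AND saved ids all equal uid/gid. */
int ids_fully_dropped(uid_t uid, gid_t gid)
{
    uid_t r, e, s;
    gid_t rg, eg, sg;
    if (getresuid(&r, &e, &s) != 0 || getresgid(&rg, &eg, &sg) != 0)
        return 0;
    return r == uid && e == uid && s == uid &&
           rg == gid && eg == gid && sg == gid;
}

/* Permanently become uid/gid. Returns 0 on success, -1 on any failure;
   a caller that gets -1 should exit rather than continue. */
int drop_privileges(uid_t uid, gid_t gid)
{
    /* Supplementary groups can only be changed while still privileged. */
    if (geteuid() == 0 && setgroups(1, &gid) != 0)
        return -1;
    /* Group ids first: once the uid is gone we may not change them. */
    if (setresgid(gid, gid, gid) != 0)
        return -1;
    if (setresuid(uid, uid, uid) != 0)
        return -1;
    /* Do not trust return codes alone: read all three ids back. */
    if (!ids_fully_dropped(uid, gid))
        return -1;
    /* With the saved uid cleared, getting root back must fail. */
    if (uid != 0 && setresuid(0, 0, 0) == 0)
        return -1;
    return 0;
}

int main(void)
{
    /* Constructed demo: "drop" to the ids the process already runs as. */
    int rc = drop_privileges(getuid(), getgid());
    printf("drop_privileges: %s\n", rc == 0 ? "ok" : "FAILED");
    return rc == 0 ? 0 : 1;
}
```

A daemon started as root would pass the uid and gid of its unprivileged service account instead of its current ids.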