in reply to Insecure dependency in system under -T, with list form invocation

I don't have ClearCase::Argv with which to test your code and I don't use ClearCase. Where are you untainting $host and the elements of @lbtype, though? Also, you don't seem to be using $me at all, unless some module is referring to variables in your main namespace.
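
The untainting step asked about above, as an added example that is not part of the original thread or the poster's script: under -T, command-line values must pass through a regex capture before they reach a list-form system. The patterns for $host and @lbtype, the sample values, and /bin/echo standing in for the real command are all assumptions.

```perl
#!/usr/bin/perl -T
use strict;
use warnings;

# Under -T the inherited environment is tainted as well. Perl checks it
# before system/exec even when the command is given by absolute path.
$ENV{PATH} = '/usr/bin:/bin';
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};

# Return the value untainted (via regex capture) if it matches the whole
# pattern, otherwise die. Only the captured $1 is considered clean.
sub untaint {
    my ($value, $pattern, $what) = @_;
    defined($value) && $value =~ /\A($pattern)\z/
        or die "refusing $what: " . (defined($value) ? "'$value'" : 'undef') . "\n";
    return $1;
}

# Assumed formats: DNS-style host name, identifier-style label type names.
# Explicit character classes are used so locale settings cannot widen them.
my $HOST_RE   = qr/[A-Za-z0-9](?:[A-Za-z0-9.-]{0,252}[A-Za-z0-9])?/;
my $LBTYPE_RE = qr/[A-Za-z_][A-Za-z0-9_.-]{0,63}/;

# Values from @ARGV are tainted; the fallback values are constructed samples.
my ($raw_host, @raw_lbtype) =
    @ARGV ? @ARGV : ('build01.example.com', 'REL_1.0', 'NIGHTLY');

my $host   = untaint($raw_host, $HOST_RE, 'host');
my @lbtype = map { untaint($_, $LBTYPE_RE, 'label type') } @raw_lbtype;

# List form: no shell is involved, so metacharacters are never interpreted,
# but every element must still be untainted or perl dies with
# "Insecure dependency in system while running with -T switch".
my @cmd = ('/bin/echo', 'host', $host, 'lbtypes', @lbtype);
system(@cmd) == 0 or die "command failed: $?\n";
```

Run it as `perl -T script.pl HOST LBTYPE...`; an argument that does not match its pattern makes the script die before anything is executed.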

$0 in suid enabled script
by cramdorgi (Acolyte) on Sep 15, 2008 at 12:50 UTC
    Hi,

    I did use the basename of $0 in my usage function. This worked fine as long as I was running the script normally.
    But as soon as I installed it as suid, the $0 turned out to contain something like /dev/fd/4 (i.e. the file descriptor under which perl had opened the script, and which was passed to a child process, running under the new id, I assume).

    So, how is a script supposed to know under what name it was invoked, if suid'd?

    Is this a specific problem on Solaris?

      There is caller and __FILE__:

      C:\>more temp.pl
      #!/usr/bin/perl --
      use strict;
      use warnings;
      my ($package, $filename, $line) = eval { caller };
      print "\$0 $0\n";
      print "filename $filename\n";
      print "__FILE__ ", __FILE__,"\n";
      __END__

      C:\>perl temp.pl
      $0 temp.pl
      filename temp.pl
      __FILE__ temp.pl

      C:\>

        Since $0 isn't anything like "/dev/fd/4" above, you haven't demonstrated that your assumptions apply in the situation described. I'd be quite surprised if they did. You show 3 different ways of getting exactly the same string. When $0 returns "/dev/fd/4", the other two most likely return that exact same string as well.

        - tye