isidore has asked for the wisdom of the Perl Monks concerning the following question:

Hi all, I have the following script written according to what the perl manual for $> and $< explicitly gives as an example:
    #!/usr/bin/perl -w
    use strict;

    print "Perl version: $]\n";
    print "UIDs real $< \t effective $>\n";
    ($>, $<) = ($<, $>); # swap real uid and effective uid
    print "UIDs real $< \t effective $>\n";
    ($>, $<) = ($<, $>); # swap real uid and effective uid
    print "UIDs real $< \t effective $>\n";
    ($>, $<) = ($<, $>); # swap real uid and effective uid
    print "UIDs real $< \t effective $>\n";
I have setuid-perl installed and run chmod ugo+xs <script>. The file is owned by a user with uid 15001. When I run this script from a different user account (with uid 1020) with Ubuntu 8.04 I get:
    Perl version: 5.008008
    UIDs real 1020 effective 15001
    UIDs real 15001 effective 1020
    UIDs real 1020 effective 15001
    UIDs real 15001 effective 1020
All hunky dory and just what I want: the uid and euid swap quite nicely. However when I run this from a new Ubuntu with perl 5.10 I get:
    Perl version: 5.010000
    UIDs real 1020 effective 15001
    UIDs real 1020 effective 1020
    UIDs real 1020 effective 1020
    UIDs real 1020 effective 1020
Not what I want :( Once the ids have been set to one value it becomes impossible to get the other value back. Does anyone know what is going on here - or know of a workaround? I've googled every combination of terms I can think of, but not found any suggestions. Thanks, I.

Re: setuid script won't behave in 5.10, but did in 5.8
by moritz (Cardinal) on Mar 22, 2010 at 14:53 UTC
    I seem to recall that there was a regression in 5.10.0 for setuid scripts because nobody tested them; I think it was fixed in 5.10.1, but deprecated in the 5.11 development track - nobody wants to keep a feature around that can't be tested automatically, and that nobody tests manually before a release.
      Wow that was a fast reply! Thanks! The following is a challenge aimed at whoever made the deprecation decision for 5.11 (I'm not shooting the messenger):

      Admittedly it needs a little more setup than most testing - the use of one extra user account, but my example script is trivial and the wrapper to demonstrate it would also be trivial. After being set up once the test script would continue to work as a regression test, and especially for a user on Linux, the initial setup wouldn't take much work. Therefore it ought to be testable automatically. Since perl is heavily used by sysadmins I'd say that this feature is Important. Come on are you a perl programmer or not?

        Suidperl was deprecated in Perl 5.10.1 and is dead with 5.12, to be released within the next two weeks. It died because there was nobody using it and nobody spoke up in favour of it, and it introduced far too many bugs, and bugs in suidperl are usually system compromises.

        Usually, Perl testers run under one single user and hence don't test the user switching automatically. If you want to provide a patch to test user switching and the setup to change users automatically and unattended, you can submit it to perl5-porters@perl.org for inclusion with Perl.
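
The swap from the question's script turned into a self-checking test, as an added example that is not part of the thread or of Perl's own test suite. It assumes the file is installed setuid as the question describes; the helper name swap_and_verify is made up for this sketch.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Swap real and effective UID exactly as the question's script does, then
# compare what the process ended up with against what the swap should give.
# Returns '' on success, otherwise a description of the mismatch.
# (swap_and_verify is a hypothetical helper name, not a Perl built-in.)
sub swap_and_verify {
    my ($want_real, $want_eff) = ($>, $<);   # expected values after the swap
    local $! = 0;                            # clear errno before assigning
    ($>, $<) = ($<, $>);                     # swap real uid and effective uid
    my $errno_text = $! ? " ($!)" : '';      # perlvar: check $! after changing $< or $>
    my ($real, $eff) = ($<, $>);
    return '' if $real == $want_real && $eff == $want_eff;
    return sprintf('expected real %d effective %d, got real %d effective %d%s',
                   $want_real, $want_eff, $real, $eff, $errno_text);
}

my ($real0, $eff0) = ($<, $>);

# Without a setuid install there are no two distinct IDs to swap.
if ($real0 == $eff0) {
    printf "SKIP: real and effective UID are both %d\n", $real0;
    exit 0;
}

# Three swaps, matching the three swaps in the question's script.
for my $round (1 .. 3) {
    my $failure = swap_and_verify();
    if ($failure) {
        print "not ok $round - $failure\n";
        exit 1;                              # non-zero exit for a test harness
    }
    my ($real, $eff) = ($<, $>);
    print "ok $round - real $real effective $eff\n";
}
exit 0;
```

Unlike the original script, this stops at the first swap that silently did nothing, which is the behaviour shown in the 5.10 output above.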