Bug in perl? 
Author Message
 Bug in perl?

Hello,

I think I found a bug in perl4.36 (may be in perl5 also).

I have written a script which is started by a WWW-server with the UID/GID
root.system. Because of security, I want this script to run with the UID/GID
nobody.nogroup. I tried

  $(= $)= -2 # -2 is the GID of nogroup
  $<= $>= -2 # -2 is the UID of nobody

and

  $)= $(= -2 # -2 is the GID of nogroup
  $>= $<= -2 # -2 is the UID of nobody

and

  $(= -2 # -2 is the GID of nogroup
  $<= -2 # -2 is the UID of nobody

and

  $)= -2 # -2 is the GID of nogroup
  $>= -2 # -2 is the UID of nobody

but nothing worked. At the moment, a call a C-program containig the following
lines

  setgid( (gid_t)-2);
  setuid( (uid_t)-2);

  execlp( scriptname, 0);

where scriptname is the name of the script. And this works!

Markus



Sat, 15 Mar 1997 04:17:13 GMT  
 Bug in perl?

    Markus> Hello, I think I found a bug in perl4.36 (may be in perl5
    Markus> also).

    Markus> I have written a script which is started by a WWW-server
    Markus> with the UID/GID root.system. Because of security, I want
    Markus> this script to run with the UID/GID nobody.nogroup. I
    Markus> tried

    Markus>   $(= $)= -2 # -2 is the GID of nogroup $<= $>= -2 # -2 is
    Markus> the UID of nobody

    Markus> and

[...other attempts deleted...]

    Markus> but nothing worked. At the moment, a call a C-program
    Markus> containig the following lines

    Markus>   setgid( (gid_t)-2); setuid( (uid_t)-2);

    Markus>   execlp( scriptname, 0);

    Markus> where scriptname is the name of the script. And this
    Markus> works!

This works fine for me, except that I use 65534 instead of -2.

  Sam

--
"It is better to be silent and thought a fool than to open your
    mouth and leave no doubt."



Tue, 18 Mar 1997 21:57:00 GMT  
 Bug in perl?

Quote:


>This works fine for me, except that I use 65534 instead of -2.

That's interesting. 65534 doesn't work for me. In fact, any number >= 60000
has no effect at all. This is on both perl4 and perl5 on HP-UX 9.05.

        -Kartik



Wed, 19 Mar 1997 09:11:39 GMT  
 
 [ 3 post ] 

 Relevant Pages 

1. Threads bug in Perl 5.6??

2. Weird bug in perl debugger

3. Bug in Perl 5.000 strict vars pragma

4. Reporting bugs in Perl 5.000

5. Pipe-Bug in Perl/Solaris?

6. Mystery bug in perl 4.0 p36 on DEC Alpha OSF/1 v2.1

7. Bugs in perl, oraperl and a2p

8. possible bug in perl -- pls help fix...

9. Bug in Perl f77 namelist module

10. Bug in perl interpretor: /pat/g iterator.

11. a long integer division bug in perl?

 

 
Powered by phpBB® Forum Software