summaryrefslogtreecommitdiff
path: root/utils/perldoc.PL
diff options
context:
space:
mode:
authorJarkko Hietaniemi <jhi@iki.fi>2002-01-13 17:08:18 +0000
committerJarkko Hietaniemi <jhi@iki.fi>2002-01-13 17:08:18 +0000
commitc8d2171d9a4e444fcbc15a9762adc552285c7cab (patch)
tree4b020a6369172bd2aab76b61c2211cdfb694d7da /utils/perldoc.PL
parent501c85f0951266e925a792b39f6b3d8f74be73a4 (diff)
downloadperl-c8d2171d9a4e444fcbc15a9762adc552285c7cab.tar.gz
Anton Berezin did more reading and the uid setting story
gets more complex. p4raw-id: //depot/perl@14236
Diffstat (limited to 'utils/perldoc.PL')
-rw-r--r--utils/perldoc.PL26
1 files changed, 20 insertions, 6 deletions
diff --git a/utils/perldoc.PL b/utils/perldoc.PL
index 62a82f381f..2f60c6ed2e 100644
--- a/utils/perldoc.PL
+++ b/utils/perldoc.PL
@@ -169,13 +169,27 @@ if (!($Is_VMS || $Is_MSWin32 || $Is_Dos || $Is_OS2) && ($> == 0 || $< == 0)
my $id = eval { getpwnam("nobody") };
$id = eval { getpwnam("nouser") } unless defined $id;
$id = -2 unless defined $id;
+ #
+ # According to Stevens' APUE and various
+ # (BSD, Solaris, HP-UX) man pages setting
+ # the real uid first and effective uid second
+ # is the way to go if one wants to drop privileges,
+ # because if one changes into an effective uid of
+ # non-zero, one cannot change the real uid any more.
+ #
+ # Actually, it gets even messier. There is
+ # a third uid, called the saved uid, and as
+ # long as that is zero, one can get back to
+ # uid of zero. Setting the real-effective *twice*
+ # helps in *most* systems (FreeBSD and Solaris)
+ # but apparently in HP-UX even this doesn't help:
+ # the saved uid stays zero (apparently the only way
+ # in HP-UX to change saved uid is to call setuid()
+ # when the effective uid is zero).
+ #
eval {
- # According to Stevens' APUE and various
- # (BSD, Solaris, HP-UX) man pages setting
- # the real uid first and effective uid second
- # is the way to go if one wants to drop privileges,
- # because if one changes into an effective uid of
- # non-zero, one cannot change the real uid any more.
+ $< = $id; # real uid
+ $> = $id; # effective uid
$< = $id; # real uid
$> = $id; # effective uid
};