Path: utzoo!attcan!uunet!zaphod.mps.ohio-state.edu!sdd.hp.com!elroy.jpl.nasa.gov!jpl-devvax!lwall
From: lwall@jpl-devvax.JPL.NASA.GOV (Larry Wall)
Newsgroups: comp.lang.perl
Subject: Re: Has anyone tested $< and $> ?
Message-ID: <10138@jpl-devvax.JPL.NASA.GOV>
Date: 28 Oct 90 09:54:49 GMT
References: <4520@rsiatl.UUCP>
Reply-To: lwall@jpl-devvax.JPL.NASA.GOV (Larry Wall)
Organization: Jet Propulsion Laboratory, Pasadena, CA
Lines: 53

In article <4520@rsiatl.UUCP> pda@rsiatl.UUCP (Paul D. Anderson) writes:
: I appear to misunderstand $< with a setuid program. Could someone
: please help me clarify its use?
:
: I have a set uid program as follows:
:
: -rwsrwsr-x 1 jgd hackers 137 Oct 28 01:42 sid
:
: The text is as follows:
:
: #!/usr/bin/perl -S $0 ${1+"$@"}

What kind of a weird system are you on?

: eval 'exec /usr/bin/perl -S $0 ${1+"$@"}'
: if $0;

If you really need these two lines, setuid scripts shouldn't work at all.

: printf STDOUT "uid is %d going to %d \n", $<, $>;
:
: 1;
:
:
: When I run the program, the output is as follows:
:
: uid is 140 going to 140

I suspect you're running with suidperl to emulate setuid scripts, and you
don't have a seteuid() or setreuid() call, so it has to do a setuid(),
which sets both values.

: I think that the output should read 'uid is 110 going to 140'. (jgd=140,
: my uid=110.) Anyone got a clue? Since I want to validate who uses the
: program, I need to be able to find out who the true invoker is.

That'd be nice. If the problem is what I guessed, the only way around it
is to abandon suidperl and put a setuid C wrapper around it that executes
taintperl on the script. (Well, I suppose it would also be possible to
mine ps output for the uid of your parent process, but that's pretty
disgusting.)

If you didn't ask for setuid emulation when you built perl, are you
starting up a ksh that sets ruid equal to euid before going on to exec
perl?

In any event, lose the extra arguments on the #! line. Pret' near any
system that knows how to interpret #! in the kernel only allows a single
argument, and nobody of a shell persuasion is going to interpret those
arguments in a comment anyway. If you ARE on a system that knows #!, the
kernel probably only sees #!/usr/bin/perl -S, which is strange but benign.

Larry
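
A sketch of the setuid C wrapper approach mentioned in the reply above, added here as an illustration; it is not code from the post or from the perl distribution. The interpreter path, the script path and the allow-list check in the wrapper are assumptions made for the example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

/* Assumed paths, fixed at compile time so the invoker cannot redirect them. */
#define INTERP "/usr/bin/taintperl"
#define SCRIPT "/usr/local/lib/sid.pl"
/* Constructed allow-list of real uids (110 is the invoker's uid in the post). */
static const uid_t allowed_uids[] = { 110 };

/* Return 1 if the real (invoking) uid is on the allow-list, else 0. */
int invoker_allowed(uid_t ruid)
{
    size_t i;
    for (i = 0; i < sizeof allowed_uids / sizeof allowed_uids[0]; i++)
        if (allowed_uids[i] == ruid)
            return 1;
    return 0;
}

/* Build { INTERP, SCRIPT, user args..., NULL }; the caller's argv[0] is dropped. */
char **build_argv(int argc, char **argv)
{
    int i, n = argc > 1 ? argc - 1 : 0;
    char **out = malloc(((size_t)n + 3) * sizeof *out);
    if (out == NULL)
        return NULL;
    out[0] = INTERP;
    out[1] = SCRIPT;
    for (i = 0; i < n; i++)
        out[i + 2] = argv[i + 1];
    out[n + 2] = NULL;
    return out;
}

int main(int argc, char **argv)
{
    /* Fixed minimal environment: nothing is inherited from the invoker. */
    static char *envp[] = { "PATH=/bin:/usr/bin", NULL };
    uid_t ruid = getuid(); /* true invoker; the script sees this as $< */
    char **args = build_argv(argc, argv);
    if (args == NULL || !invoker_allowed(ruid))
        return 1;
    /* Only the wrapper is setuid, so euid alone changed; exec keeps both ids. */
    execve(INTERP, args, envp);
    perror(INTERP);
    return 127;
}
```

Installed setuid to the script owner, the wrapper leaves the real uid untouched, so the script can still compare $< with $> itself.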