New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Writing to $> and friends hide errors #11757
Comments
From @leonerdCreated by @leonerdReliable error detection of setuid/setgid/setgroups operations is next to impossible. At first glance $> = $new_uid; appears to work, but this might give the wrong failure in $!, because the $> = $new_uid; my is a slight improvement. The groups list in $) is harder, because some OSes remove duplicates, or perldoc perlvar claims the caller can simply check the value of $! after the From mg.c: 2791 (void)seteuid((Uid_t)PL_euid); 2878 (void)setegid((Gid_t)PL_egid); 2867 (void)setgroups(i, gary); Here Perl is ignoring the success-or-failure result from the set*() calls, and ----- I'd suggest a tiny improvement; fixing those lines to something such as: if(seteuid((Uid_t)PL_euid) != -1) errno = 0; so that Perl now guarantees that if every operation succeeds, errno and hence I can supply a patch if required Perl Info
|
From @cpansproutOn Sat Nov 19 07:42:28 2011, leonerd@leonerd.org.uk wrote:
Generally the rule is that $! is only reliable when one already knows But that leads to twisted code, as you demonstrated, as $> is not a So, at least for special variables like this, I would be all for the -- Father Chrysostomos |
The RT System itself - Status changed from 'new' to 'open' |
From @doyOn Sat, Nov 19, 2011 at 10:00:43AM -0800, Father Chrysostomos via RT wrote:
You know, with all of these issues, and considering almost the entire -doy |
From @LeontOn Sun, Nov 20, 2011 at 1:32 AM, Jesse Luehrs <doy@tozt.net> wrote:
Yeah, that would be my sentiment too. It's an ok interface for reading Alternatively, I think it wouldn't be a bad idea if failure throws an Leon |
From @leonerdOn Sun, Nov 20, 2011 at 01:37:42AM +0100, Leon Timmermans wrote:
I'd be happy to deprecate writing to them, in favour of using Shall I add it to my list of pending POSIX stuff? (i.e. strptime) -- leonerd@leonerd.org.uk |
From @doyOn Sun, Nov 20, 2011 at 01:37:42AM +0100, Leon Timmermans wrote:
Localizing the effective UID is a neat trick in the same way that
I'd like to see this start to become true in a lot more situations (as -doy |
From @khwilliamsonOn 11/21/2011 11:13 AM, Paul LeoNerd Evans wrote:
+1 |
From @LeontOn Mon, Nov 21, 2011 at 7:13 PM, Paul LeoNerd Evans
There are issues with setuid(2) (in particular, on SysV-like systems seteuid(2) and setegid(2) are both portable and sane, I'd love to have Leon |
From zefram@fysh.orgPaul LeoNerd Evans wrote:
We need a module that collects all the Unix set*id functions, including -zefram |
From @LeontOn Mon, Nov 21, 2011 at 8:27 PM, Zefram <zefram@fysh.org> wrote:
There is a good module on CPAN for [gs]etres[ug]id, and there's no Leon |
From @leonerdOn Mon, Nov 21, 2011 at 07:27:21PM +0000, Zefram wrote:
I was pondering hacking up a POSIX::setuid or somesuch, that wrapped all Though is there any reason why we shouldn't just pop those in the main -- leonerd@leonerd.org.uk |
From zefram@fysh.orgPaul LeoNerd Evans wrote:
Yeah, the better ones aren't part of the POSIX standard. -zefram |
From @LeontOn Sun, Nov 20, 2011 at 1:37 AM, Leon Timmermans <fawaka@gmail.com> wrote:
I implemented this as a CPAN module, autodie::variables just hit CPAN. Leon |
From @rjbsSo some of the options: 1. deprecate assigning to these vars, giving a long deprecation period (2yr) to let the 2. continue to allow assignment to $<,etc., but make failures fatal 3. leave things as they are, but document the acrobatics that are required to try for sane error Also mentioned: #2, but fatal only under some pragma like autodie or a feature. My tentative favorite is #2. A grep of CPAN finds people using assignment to these vars, but Documentation should also be updated to explain why users should look at using something -- |
From [Unknown Contact. See original ticket]So some of the options: 1. deprecate assigning to these vars, giving a long deprecation period (2yr) to let the 2. continue to allow assignment to $<,etc., but make failures fatal 3. leave things as they are, but document the acrobatics that are required to try for sane error Also mentioned: #2, but fatal only under some pragma like autodie or a feature. My tentative favorite is #2. A grep of CPAN finds people using assignment to these vars, but Documentation should also be updated to explain why users should look at using something -- |
From @TuxOn Thu, 24 Jan 2013 07:09:15 -0800, "Ricardo SIGNES via RT"
I've just user assigning to As it works, I think I fall under #2, but my initial reaction was #2
Yeah, esp when the shit hits the fan, it would be swell to see what to -- |
From @ap* Ricardo SIGNES via RT <perlbug-comment@perl.org> [2013-01-24 16:10]:
4. All of the above? :-) I think assigning to these variables doesn’t make sense as an interface. Year 1: document alternatives; announce intentions in perldelta
Those all seem so to me as well. I am not convinced that what I proposed Regards, |
From @rjbsThis topic seemed likely to go somewhere less than a year ago, but seems now to have stalled. Is there interest out there in figuring out the way forward? -- |
From @leonerdOn Sun, 25 Aug 2013 20:14:24 -0700
I'd be fairly interested in having some more reliable mechanism, yes. I -- leonerd@leonerd.org.uk |
From zefram@fysh.orgRicardo SIGNES wrote:
I'd like to see us deprecate writing to $< et al. Interestingly, Of course, we need to have such a module that we can confidently point -zefram |
From @LeontOn Mon, Dec 11, 2017 at 7:24 AM, Zefram <zefram@fysh.org> wrote:
I disagree with my past self here. I believe that getting rid of this will This functionality is usually used by scripts that have root privileges, What would make more sense to me is to not let failures be silent. They We should definitely fix our terrible documentation for these variables to
It can't really be tested because anything interesting requires root
Unix::SavedIDs or Perm::Uuid are excellent suggestions for in the docs, but Leon |
From @cpansproutOn Tue, 12 Dec 2017 17:26:08 -0800, LeonT wrote:
Where can I find this module? I don’t see it on CPAN. -- Father Chrysostomos |
From @GrinnzOn Tue, Dec 12, 2017 at 8:25 PM, Leon Timmermans <fawaka@gmail.com> wrote:
That would be really nice. I usually resort to using the equivalent |
From @LeontOn Wed, Dec 13, 2017 at 2:58 AM, Father Chrysostomos via RT <
I misremembered, that should have been Proc::UID Leon |
Migrated from rt.perl.org#104060 (status was 'open')
Searchable as RT104060$
The text was updated successfully, but these errors were encountered: