New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Failure with ($>, $<) = ($<, $>) on linux. #12047
Comments
From david.Ingamells@mapscape.euCreated by David.ingamells@mapscape.euThis bug was first reported to the Ubuntu team as bug number 576984 a long time ago The following perl (from perl-base) script fails in the new LTS Ubuntu 10.04, it works in LTS version 8.04. It tests the perl statement ( which is documented in perl's perlvar maunal page, also in version 5.14.1. The output expected is in the script's header comments. Under Ubuntu 10.04 (perl 5.10.1) it results in: Testing perl version 5.010001 Notice how the 2 uids are the same after the attempt to swap. <b>Note to demonstrate this bug the script needs to perform sudo commands.</b> Therefore Notes: Kind regards, <---begin script---> # this program should give output like: use warnings; # This program creates a perl_script: my $perl_script = "/tmp/swap_uid.pl"; # and a C program that runs this perl script: my $c_source = "/tmp/run_me.c"; # This program is given a different owner ID my sub my_system($) return $result; sub create_perl_script($) my $script = '#!/usr/bin/perl use warnings; my die "Effective UID ($eff_uid) is same as own UID" if ($real_uid == $eff_uid); open my $FH, '>', $file_name or die "Could not open script file"; sub create_program($$$$) # See perlsec where this code is presented. open my $FH, '>', $source_file or die "Could not open source file"; my_system "gcc -o $executable $source_file" and die "Could not compile C program"; sub run_test($) sub cleanup foreach my $f (@_) create_perl_script($perl_script); The following code change fixes the problem with perl 5.10 .1. The above script now gives this output: Testing perl version 5.010001 After swap UID = 1021, EUID = 1020 After double swap UID = 1020, EUID = 1021 PLEASE FIX THE DISTRIBUTED VERSION IN UBUNTU 10.4. In mg.c use setresuid by preference if it is available and set the saved uid (3rd argument) to the other value so that case '<': #ifdef HAS_SETRESUID Perl Info
|
From @LeontOn Tue, Apr 10, 2012 at 8:09 AM, david.Ingamells@mapscape.eu
Why are you doing this in the first place? In particular, why are you BTW I can reproduce this is 5.12 but not in 5.14 (don't have 5.10 at
That codepath should not be used in this case, it should use delayed Leon |
The RT System itself - Status changed from 'new' to 'open' |
From david.Ingamells@mapscape.euOn 10/04/12 12:25, Leon Timmermans via RT wrote:
Leon, The action isn't SET but SWAP. An executable with the sticky bit set Here are some of the GNU/Linux executables that have the "s" bit set - This feature is also documented in the core Perl documentation.
It seems then that someone else has discovered the bug and it has been We will soon be upgrading from the current long-term-support Ubuntu
The update I applied and supplied here worked and was the minimal -- *David*<http://www.mapscape.eu/> |
From @LeontOn Tue, Apr 10, 2012 at 2:17 PM, David Ingamells
You're forgetting about the saved id (which you confusingly did
It would be pleasant if you would assume I have a clue of what I'm
That's all I needed to know. You just want to reversibly set the
I'm not seeing any obvious changes that would explain that in the
Quite to the contrary. It would make everyone's code easier: yours and ours. Leon |
From @LeontOn Tue, Apr 10, 2012 at 2:17 PM, David Ingamells
You're talking about this swapping as if it's a purpose in itself, it # setuid, so [res]uids at start are (self, other, other) Leon |
Migrated from rt.perl.org#112374 (status was 'open')
Searchable as RT112374$
The text was updated successfully, but these errors were encountered: