New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
UIDs and GIDs should not be cached #11546
Comments
From @LeontThis is a bug report for perl from fawaka@gmail.com, Currently, the real uid, the effective uid, the real gid and the effective gid are cached by perl. This can result in erroneous results if something other that core changes any of these process properties. This issue is similar to #85520. Flags: Site configuration information for perl 5.14.1: Configured by leon at Tue Jun 28 15:59:52 CEST 2011. Summary of my perl5 (revision 5 version 14 subversion 1) configuration: Locally applied patches: @INC for perl 5.14.1: Environment for perl 5.14.1: |
From @jkeenanOn Wed Aug 03 08:10:28 2011, LeonT wrote:
Is there any way we could get a small program that demonstrates this bug? Thank you very much. |
The RT System itself - Status changed from 'new' to 'open' |
From @LeontOn Tue Dec 06 04:08:51 2011, jkeenan wrote:
See attachment. (It requires a working syscall.ph file though) Leon |
From @LeontOn Sun, Jan 15, 2012 at 9:57 PM, Leon Timmermans via RT
D'oh! I was sleeping, and showed the same issue for the PID instead of the Leon |
From @LeontOn Sun, Jan 15, 2012 at 10:03 PM, Leon Timmermans <fawaka@gmail.com> wrote:
Third attempt. I really should stop coding for tonight. Leon |
From @cpansproutOn Sun Jan 15 13:08:17 2012, LeonT wrote:
But it’s early afternoon! :-) -- Father Chrysostomos |
From @LeontOn Sun, Jan 15, 2012 at 10:07 PM, Leon Timmermans <fawaka@gmail.com> wrote:
Fix attached. I couldn't remove the cache entirely, as it's also used Leon |
From @Leont0001-Don-t-cache-gete-ug-id.patchFrom 61e31001d5a99be3815b06315075e9a4231fadb3 Mon Sep 17 00:00:00 2001
From: Leon Timmermans <fawaka@gmail.com>
Date: Sat, 11 Feb 2012 20:41:26 +0100
Subject: [PATCH] Don't cache gete?[ug]id
This could lead to subtle issues when the UID setting bypasses perl
---
mg.c | 8 ++++----
1 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/mg.c b/mg.c
index 14e9705..3762cd5 100644
--- a/mg.c
+++ b/mg.c
@@ -1109,16 +1109,16 @@ Perl_magic_get(pTHX_ SV *sv, MAGIC *mg)
SvNOK_on(sv); /* what a wonderful hack! */
break;
case '<':
- sv_setiv(sv, (IV)PL_uid);
+ sv_setiv(sv, (IV)PerlProc_getuid());
break;
case '>':
- sv_setiv(sv, (IV)PL_euid);
+ sv_setiv(sv, (IV)PerlProc_geteuid());
break;
case '(':
- sv_setiv(sv, (IV)PL_gid);
+ sv_setiv(sv, (IV)PerlProc_getgid());
goto add_groups;
case ')':
- sv_setiv(sv, (IV)PL_egid);
+ sv_setiv(sv, (IV)PerlProc_getegid());
add_groups:
#ifdef HAS_GETGROUPS
{
--
1.7.5.4
|
From @avarOn Sat, Feb 11, 2012 at 20:45, Leon Timmermans <fawaka@gmail.com> wrote:
I very much like where this patch is going, but IMO it needs some * You've changed it so that we now return the current and correct * Since the id swapping is only used by "PL_delaymagic &= ~DM_RUID;" This variable should not be made public. Thus programs on the CPAN * Code like the code in this ifdef in POSIX.xs can just go away: SysRet * It would also be informative to check how much of the CPAN is |
From @LeontOn Sat, Feb 11, 2012 at 9:42 PM, Ævar Arnfjörð Bjarmason
Yeah, that'd be a good idea. Though doing it properly may invite some
I took my approach because it's easiest. Existing code would Leon |
From @avarOn Sat, Feb 11, 2012 at 22:53, Leon Timmermans <fawaka@gmail.com> wrote:
I've implemented my proposal and pushed it to Remove gete?[ug]id caching Currently we cache the UID/GID and effective UID/GID similarly to how A minimal testcase for this is the following by Leon Timmermans eval { require 'syscall.ph'; 1 } or eval { require if (syscall(&SYS_setuid, I.e. if we call the sete?[ug]id() functions unbeknownst to perl the I'm completely eliminating the PL_egid, PL_euid, PL_gid and PL_uid The new PL_delaymagic_(egid|euid|gid|uid) variables I'm adding are I don't *think* this has any bugs, but I haven't extensively tested Review of this would be very appreciated, especially of the tricky |
From @LeontOn Sun, Feb 12, 2012 at 8:07 PM, Ævar Arnfjörð Bjarmason
One annoying and unusual complication is that testing is only possible
Looked ok on first read, but there may be trickiness indeed. Leon |
From @avarOn Sun Feb 12 11:09:03 2012, avarab@gmail.com wrote:
I've pushed an altered version of this as 985213f, which fixes this |
@avar - Status changed from 'open' to 'resolved' |
From @avarOn Sun Feb 12 11:09:03 2012, avarab@gmail.com wrote:
I've pushed an altered version of this as 985213f, which fixes this |
Migrated from rt.perl.org#96208 (status was 'resolved')
Searchable as RT96208$
The text was updated successfully, but these errors were encountered: