Xref: sserve comp.os.386bsd.questions:12748 comp.lang.perl:30149
Path: sserve!newshost.anu.edu.au!harbinger.cc.monash.edu.au!bunyip.cc.uq.oz.au!munnari.oz.au!spool.mu.edu!howland.reston.ans.net!europa.eng.gtefsd.com!MathWorks.Com!uhog.mit.edu!grapevine.lcs.mit.edu!ginger.lcs.mit.edu!wollman
From: wollman@ginger.lcs.mit.edu (Garrett Wollman)
Newsgroups: comp.os.386bsd.questions,comp.lang.perl
Subject: Re: suidperl on FreeBSD-1.1.5.1
Date: 29 Aug 1994 18:53:40 GMT
Organization: MIT Laboratory for Computer Science
Lines: 84
Message-ID: <33tark$sba@GRAPEVINE.LCS.MIT.EDU>
References: <94Aug27.154655.3394@eeubln.in-berlin.de>
NNTP-Posting-Host: ginger.lcs.mit.edu

In article <94Aug27.154655.3394@eeubln.in-berlin.de>,
Nora E. Etukudo <nora@eeubln.IN-Berlin.DE> wrote:
>I can't get 'suid'ed perl scripts working on FreeBSD-1.1.5.1 RELEASE.
>I've built perl-4.036 on Interactive UNIX-3.xx/4.0, SCO-3.2.4.1 and
>several Linuces. Only on FreeBSD, I get the message
>
>	"Can't swap uid and euid."

This is probably perl coming to grips with the fact that setreuid() is
no longer completely general.  Here's how setreuid() is implemented
(NB: this is taken from 4.4-Lite, but the implementation is the same).
Please forgive the hideously long Berkeley copyright message.  If you
look at /sys/kern/kern_prot.c, you'll see a very similar piece of code
on the kernel side as well.

/*
 * Copyright (c) 1992, 1993
 *	The Regents of the University of California.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. All advertising materials mentioning features or use of this software
 *    must display the following acknowledgement:
 *	This product includes software developed by the University of
 *	California, Berkeley and its contributors.
 * 4. Neither the name of the University nor the names of its contributors
 *    may be used to endorse or promote products derived from this software
 *    without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 */

#if defined(LIBC_SCCS) && !defined(lint)
static char sccsid[] = "@(#)setreuid.c	8.1 (Berkeley) 6/2/93";
#endif /* LIBC_SCCS and not lint */

#include <sys/types.h>
#include <errno.h>

int
setreuid(ruid, euid)
        uid_t ruid, euid;
{
        static uid_t saveduid = -1;

        if (saveduid == -1)
                saveduid = geteuid();
        /*
         * we assume that the intent here is to be able to
         * get back ruid privilege. So we make sure that
         * we will be able to do so, but do not actually
         * set the ruid.
         */
        if (ruid != -1 && ruid != getuid() && ruid != saveduid) {
                errno = EPERM;
                return (-1);
        }
        if (euid != -1 && seteuid(euid) < 0)
                return (-1);
        return (0);
}

-- 
Garrett A. Wollman   | Shashish is simple, it's discreet, it's brief. ...
wollman@lcs.mit.edu  | Shashish is the bonding of hearts in spite of distance.
Opinions not those of| It is a bond more powerful than absence.  We like people
MIT, LCS, ANA, or NSA| who like Shashish.  - Claude McKenzie + Florent Vollant
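
Added example, not part of the original post and not code from perl or BSD: a user-space model of the setreuid() wrapper quoted above, showing that a swap request succeeds without the real uid ever changing, so a caller that reads the ids back sees no swap. The struct, the uids 1001/2002, the seteuid() permission rule and the read-back check in swap_and_verify() are assumptions made for illustration.

```c
#include <stdio.h>
#include <sys/types.h>

#define NOUID ((uid_t)-1)

/* Constructed model of one process's credentials; not kernel code. */
struct cred {
    uid_t ruid, euid, svuid;   /* real, effective, saved set-user-ID */
    uid_t emul_saved;          /* the wrapper's static saveduid; NOUID = unset */
};

/* Assumed seteuid() rule: target must be the real or saved uid, unless root. */
static int model_seteuid(struct cred *c, uid_t euid)
{
    if (euid != c->ruid && euid != c->svuid && c->euid != 0)
        return -1;
    c->euid = euid;
    return 0;
}

/* Same logic as the setreuid() wrapper quoted in the post. */
static int model_setreuid(struct cred *c, uid_t ruid, uid_t euid)
{
    if (c->emul_saved == NOUID)
        c->emul_saved = c->euid;
    if (ruid != NOUID && ruid != c->ruid && ruid != c->emul_saved)
        return -1;                      /* EPERM in the original */
    if (euid != NOUID && model_seteuid(c, euid) < 0)
        return -1;
    return 0;                           /* c->ruid is never written */
}

/* Hypothetical caller: request a swap, then verify by reading the ids back.
 * Returns 1 if the read-back matches a true swap, 0 otherwise. */
static int swap_and_verify(struct cred *c)
{
    uid_t old_r = c->ruid, old_e = c->euid;
    if (model_setreuid(c, old_e, old_r) < 0)
        return 0;
    return c->ruid == old_e && c->euid == old_r;
}

int main(void)
{
    /* Constructed case: user 1001 runs a program set-user-ID to 2002. */
    struct cred c = { 1001, 2002, 2002, NOUID };
    int ok = swap_and_verify(&c);
    printf("verified=%d ruid=%u euid=%u\n", ok, (unsigned)c.ruid, (unsigned)c.euid);
    return 0;
}
```

In this model the effective uid can still be dropped to the real uid and later restored to the saved one, which is the only use the wrapper's comment says it intends to support.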