Stories
Slash Boxes
Comments

NOTE: use Perl; is on undef hiatus. You can read content, but you can't post it. More info will be forthcoming forthcomingly.

use Perl

All the Perl that's Practical to Extract and Report

use Perl Log In

[ Create a new account ]

merlyn (47)

merlyn
merlyn@stonehenge.com
http://www.stonehenge.com/merlyn/
AOL IM: realmerlyn (Add Buddy, Send Message)
Yahoo! ID: realmerlyn (Add User, Send Message)

PAUSE-ID: MERLYN [cpan.org].
See my home page [stonehenge.com].

Journal of merlyn (47)

Saturday December 17, 2005

03:11 PM

Broken security advisory (again)

[ #28037 ]

As found in this advisory (as well as being picked up a few other dozen places on the net):

The security issue is caused due to the Perl binary included with Mac OS X not correctly dropping privileges when a Perl application uses the "$< = numeric_id;" statement to set its uid. The issue may be caused due to wrong compilation options being selected when compiling the Perl binary.

What are these nutheads smoking? That variable doesn't control effective UID. It controls real UID, which has nothing to do with the effective privileges.

How do people get that messed up? I dunno. Maybe we need better books. {grin}

List all Journal entries

Broken security advisory (again) More | Login | Reply

The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

Without JavaScript enabled, you might want to use the classic discussion system instead. If you login, you can remember this preference.

Confusing (Score:2)

by bart (450)

I don't understand the technical background behind the variables $<, $> , $( and $).

Perhaps an idea for a column?

Or perhaps you did one already, and I just don't know about it.

My current solution is to simply stay away from writing or touching code that requires that knowledge. :)
- Re:Confusing (Score:2)
  
  by Dom2 (2981)
  
  There's some good background info in this paper [berkeley.edu].
  -Dom
Dropping privileges in Perl (Score:1)

by pjf (2464)

The advisory itself is rather vague and unhelpful. I'm surprised it exists at all. However it does provide an excellent opportunity to talk about Unix privileges and Perl. Randal, I hope you don't mind me using your journal too much for this purpose. ;)

Dropping privileges in Perl is notoriously hard, and stems primarily from the fact that most unix systems provide at least three flavours of uid (real, effective, and saved), whereas Perl provides only two (real and effective). The saved uid, the one
- Re:Dropping privileges in Perl (Score:1)
  
  by jmason (3282)
  
  Perl on MacOS (and possibly other BSDish platforms) *does* indeed have some unportable wierdness regarding uid/euid handing, as we found in this SpamAssassin bug report [apache.org].
  It appeared that some perl versions required RUID==EUID==0 before $ = 100; $" would silently fail to drop RUID==0 privs, and instead leave it at 0. To quote the bug report:
  Interestingly, the same exact issue occurs on my Mac OS X machine, but not any of the other platforms I have access to... root# perl -e 'sub p {print "RUID: $<,
  - Re:Dropping privileges in Perl (Score:1)
    
    by jmason (3282)
    
    'It appeared that some perl versions required RUID==EUID==0 before $ = 100; $" would silently fail to drop RUID==0 privs, and instead leave it at 0.'
    
    well, that made no sense. sorry; forgot to escape $< and $>. anyway, read the pasted code; it's all pretty clear there.