Date: Sun, 10 Nov 2002 09:59:44 +0000
From: Matthew Seaman <m.seaman@infracaninophile.co.uk>
To: FreeBSD maillist <freebsd-questions@FreeBSD.ORG>
Subject: Re: CGI using suidperl question?
Message-ID: <20021110095944.GB67029@happy-idiot-talk.infracaninophi>
In-Reply-To: <20021110090537.27379.qmail@web20003.mail.yahoo.com>
References: <20021110090537.27379.qmail@web20003.mail.yahoo.com>
On Sun, Nov 10, 2002 at 01:05:37AM -0800, Vincent Chen wrote:
> Hi, all
>
> I got to write a CGI to handle network interface on
> freebsd. After some tests have done, I found a
> possible issue. My apache running as www and my cgi has
> suid bit set, it seems that suidperl only set euid, but
> real uid still www and some tasks can be done. This is
> the output that my CGI call /usr/bin/id:
>
> uid=80(www) euid=0(root) gid=80(www) groups=80(www)
>
> Is it possible to hide real uid www and replace it with
> root?

See the perlvar(1) manual page (or equivalently 'perldoc perlvar'):

       $REAL_USER_ID
       $UID
       $<      The real uid of this process.  (Mnemonic: it's the
               uid you came from, if you're running setuid.)

       $EFFECTIVE_USER_ID
       $EUID
       $>      The effective uid of this process.  Example:

                   $< = $>;            # set real to effective uid
                   ($<,$>) = ($>,$<);  # swap real and effective uid

               (Mnemonic: it's the uid you went to, if you're
               running setuid.)  $< and $> can be swapped
               only on machines supporting setreuid().

Cheers,
Matthew
--
Dr Matthew J Seaman MA, D.Phil. 26 The Paddocks
Savill Way
Marlow
Tel: +44 1628 476614 Bucks., SL7 1TH UK
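
The following is an added example, not part of the original message: it applies the perlvar assignment quoted above inside a setuid script like the CGI in the question, confirms the change took effect, and then runs /usr/bin/id without a shell. The helper names ids and real_to_effective are hypothetical; run without the setuid bit, the script simply reports identical ids before and after.

```perl
#!/usr/bin/perl
# Added illustration, not code from the thread. Assumes it is installed
# setuid like the CGI above; suidperl turns taint mode on automatically.
use strict;
use warnings;

# Taint mode refuses to run child processes with an inherited environment,
# so fix PATH and drop the shell-influencing variables first (see perlsec).
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};
$ENV{PATH} = '/bin:/usr/bin';

# Report the real and effective uid of the current process.
sub ids { return sprintf 'uid=%d euid=%d', $<, $> }

# Set the real uid to the effective uid (hypothetical helper name).
# The assignment does not die on failure, so clear $!, assign, check $!,
# and re-read $< to confirm the kernel accepted the change.
sub real_to_effective {
    my $target = $>;
    local $! = 0;
    $< = $target;
    die "setting real uid to $target failed: $!\n" if $!;
    die sprintf("real uid is still %d, expected %d\n", $<, $target)
        if $< != $target;
    return $target;
}

print 'before: ', ids(), "\n";
real_to_effective();
print 'after:  ', ids(), "\n";

# The indirect-object form of system() never invokes a shell.
# The child process inherits both the real and the effective uid.
my @cmd = ('/usr/bin/id');
system { $cmd[0] } @cmd;
die "$cmd[0] failed: wait status $?\n" if $? != 0;
```

Once the real uid is also root, every child process the CGI starts runs fully as root, so request data should not reach the command line or environment of those children unvalidated.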
