From owner-freebsd-questions Sun Nov 10 1:59:55 2002 Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 268F537B401 for ; Sun, 10 Nov 2002 01:59:54 -0800 (PST) Received: from smtp.infracaninophile.co.uk (smtp.infracaninophile.co.uk [81.2.69.218]) by mx1.FreeBSD.org (Postfix) with ESMTP id 3037243E42 for ; Sun, 10 Nov 2002 01:59:53 -0800 (PST) (envelope-from m.seaman@infracaninophile.co.uk) Received: from happy-idiot-talk.infracaninophile.co.uk (localhost [IPv6:::1]) by smtp.infracaninophile.co.uk (8.12.6/8.12.6) with ESMTP id gAA9xopj067474 for ; Sun, 10 Nov 2002 09:59:50 GMT (envelope-from matthew@happy-idiot-talk.infracaninophile.co.uk) Received: (from matthew@localhost) by happy-idiot-talk.infracaninophile.co.uk (8.12.6/8.12.6/Submit) id gAA9xi5o067473 for freebsd-questions@FreeBSD.ORG; Sun, 10 Nov 2002 09:59:44 GMT Date: Sun, 10 Nov 2002 09:59:44 +0000 From: Matthew Seaman To: FreeBSD maillist Subject: Re: CGI using suidperl question? Message-ID: <20021110095944.GB67029@happy-idiot-talk.infracaninophi> Mail-Followup-To: Matthew Seaman , FreeBSD maillist References: <20021110090537.27379.qmail@web20003.mail.yahoo.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20021110090537.27379.qmail@web20003.mail.yahoo.com> User-Agent: Mutt/1.5.1i X-Spam-Status: No, hits=-2.2 required=5.0 tests=IN_REP_TO,REFERENCES,SPAM_PHRASE_00_01,USER_AGENT, USER_AGENT_MUTT version=2.43 Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG On Sun, Nov 10, 2002 at 01:05:37AM -0800, Vincent Chen wrote: > Hi, all > > I got to write a CGI to handle network interface on > freebsd. After some tests have done, I found a > possible issue.My apache running as www and my cgi has > suid bit set,it seems that suidperl only set euid, but > real uid still www and some tasks can be done. This is > the output that my CGI call /usr/bin/id: > > uid=80(www) euid=0(root) gid=80(www) groups=80(www) > > Is it possible to hide real uid www and replace it wit > root? See the perlvar(1) manual page (or equivalently 'perldoc perlvar'): $REAL_USER_ID $UID $< The real uid of this process. (Mnemonic: it's the uid you came from, if you're running setuid.) $EFFECTIVE_USER_ID $EUID $> The effective uid of this process. Example: $< = $>; # set real to effective uid ($<,$>) = ($>,$<); # swap real and effective uid (Mnemonic: it's the uid you went to, if you're running setuid.) < $< > and < $ >> can be swapped only on machines supporting setreuid(). Cheers, Matthew -- Dr Matthew J Seaman MA, D.Phil. 26 The Paddocks Savill Way Marlow Tel: +44 1628 476614 Bucks., SL7 1TH UK To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message