This queue is for tickets about the Net-Server CPAN distribution.

Report information
The Basics
Id: 21262
Status: resolved
Priority: 0/
Queue: Net-Server

People
Owner: Nobody in particular
Requestors: rjbs [...] cpan.org
Cc:
AdminCc:

Bug Information
Severity: Important
Broken in: (no value)
Fixed in: (no value)



Subject: on 5.6, POSIX::setuid only changes UID, leading to problems
Net::Server::Daemonize::set_uid calls POSIX::setuid and then checks that UID was changed. It does not check that EUID and UID match. On 5.6.1's POSIX, setuid only changes UID. That means that UID and EUID do not match, and taint mode is automatically enabled. set_uid should check that ($> == $uid) and ($< == $uid). -- rjbs
The next version will be released in a few days and will have the following code. Thanks for the report.

    POSIX::setuid($uid);
    if ($< != $uid || $> != $uid) { # check $> also (rt #21262)
        $< = $> = $uid; # try again - needed by some 5.8.0 linux systems (rt #13450)
        if ($< != $uid) {
            die "Couldn't become uid \"$uid\": $!\n";
        }
    }
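
A stricter form of the check discussed in this ticket, as an added example (not Net::Server's code and not written by either participant): it verifies both `$<` and `$>` after the fallback assignment as well as after `POSIX::setuid`. The sub names `uid_drop_problems` and `drop_uid_strict` and the sample UID triples are constructed for illustration.

```perl
#!/usr/bin/perl
# Added example, not Net::Server code. Sub names are hypothetical.
use strict;
use warnings;
use POSIX ();

# Return a list of mismatches between the wanted UID and the process's
# real/effective UIDs. An empty list means the drop fully took effect.
sub uid_drop_problems {
    my ($uid, $real, $effective) = @_;
    my @problems;
    push @problems, "real UID is $real, wanted $uid"           if $real != $uid;
    push @problems, "effective UID is $effective, wanted $uid" if $effective != $uid;
    return @problems;
}

# Drop to $uid, falling back to direct assignment as in the reply above,
# then refuse to continue unless BOTH IDs match.
sub drop_uid_strict {
    my ($uid) = @_;
    POSIX::setuid($uid);
    if (uid_drop_problems($uid, $<, $>)) {
        $< = $> = $uid;    # fallback: assign effective, then real UID
    }
    my @problems = uid_drop_problems($uid, $<, $>);
    die "Couldn't become uid \"$uid\": " . join('; ', @problems) . "\n"
        if @problems;
    return 1;
}

# Constructed cases: (wanted, real, effective) after an attempted drop.
my @cases = (
    [ 1000, 1000, 1000 ],   # complete drop
    [ 1000, 1000, 0 ],      # the reported state: only the real UID changed
    [ 1000, 0,    0 ],      # nothing changed
);
for my $case (@cases) {
    my @problems = uid_drop_problems(@$case);
    printf "wanted=%d real=%d effective=%d => %s\n", @$case,
        @problems ? join('; ', @problems) : 'ok';
}

# Dropping to the UID we already run as is a no-op that works unprivileged.
drop_uid_strict($<);
printf "now running as real=%d effective=%d\n", $<, $>;
```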