| Subject: | Fails to drop supplemental groups |
This code doesn't drop privileges correctly:
my $gid = getgrnam( $group ); die "Get group $group: $!" if $gid == 0;
setgid( $gid ); $) = $gid; $( = $gid; die "Set group $group($gid): $!"
if ( $( != $gid ) or ( $) != $gid );
example:
# perl -e 'use POSIX; POSIX::setgid(99); $( = 99; $) = 99; print "$)\n";'
99 0
you should use
$) = "$gid $gid";
instead of
$) = $gid;
example:
# perl -e 'use POSIX; POSIX::setgid(99); $( = 99; $) = "99 99"; print
"$)\n";'
99 99