[sf-perl] why 'eq' and not '==' in perlsec man page?
David Alban
extasia at extasia.org
Tue Sep 4 11:42:14 PDT 2007
Greetings,
Was looking at some code on the perlsec man page:

    use English '-no_match_vars';
    die "Can't fork: $!" unless defined($pid = open(KID, "-|"));
    if ($pid) { # parent
        while (<KID>) {
            # do something
        }
        close KID;
    } else {
        my @temp = ($EUID, $EGID);
        my $orig_uid = $UID;
        my $orig_gid = $GID;
        $EUID = $UID;
        $EGID = $GID;
        # Drop privileges
        $UID = $orig_uid;
        $GID = $orig_gid;
        # Make sure privs are really gone
        ($EUID, $EGID) = @temp;
        die "Can't drop privileges"
            unless $UID == $EUID && $GID eq $EGID;
        $ENV{PATH} = "/bin:/usr/bin"; # Minimal PATH.
        # Consider sanitizing the environment even more.
        exec 'myprog', 'arg1', 'arg2'
            or die "can't exec myprog: $!";
    }

In the statement:

    die "Can't drop privileges"
        unless $UID == $EUID && $GID eq $EGID;

I was wondering why they used '==' and then 'eq'. In this particular
case, we can always expect the group IDs to be non-leading-zero
integers. Do you think the 'eq' was a typo in the man page?
Thanks,
David
--
Live in a world of your own, but always welcome visitors.
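
The comparison the post asks about, as an added example that is not part of the original post or of the perlsec man page: perlvar documents $GID and $EGID as space-separated lists (the primary gid first, then the groups returned by getgroups()), so '==' and 'eq' look at different parts of the value. The gid strings and the helper name compare_gids are constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use English '-no_match_vars';

# Constructed sample values in the format perlvar documents for $GID and
# $EGID: the primary gid first, then the groups from getgroups().
my @cases = (
    # [ label, gid string, egid string ]
    [ 'identical lists',           '1000 1000 4 27', '1000 1000 4 27'   ],
    [ 'different primary gid',     '1000 1000 4 27', '0 1000 4 27'      ],
    [ 'same primary, extra group', '1000 1000 4 27', '1000 1000 4 27 0' ],
);

# Hypothetical helper: return (numeric_equal, string_equal) for two gid strings.
sub compare_gids {
    my ($gid, $egid) = @_;
    my $numeric = do {
        # A plain string such as "1000 1000 4 27" numifies to its leading
        # number (1000) and raises an "isn't numeric" warning; the warning
        # is silenced here only to keep the output readable.
        no warnings 'numeric';
        $gid == $egid ? 1 : 0;
    };
    # String comparison covers the whole list, supplementary groups included.
    my $string = $gid eq $egid ? 1 : 0;
    return ($numeric, $string);
}

for my $case (@cases) {
    my ($label, $gid, $egid) = @$case;
    my ($numeric, $string) = compare_gids($gid, $egid);
    printf "%-27s  ==: %d  eq: %d\n", $label, $numeric, $string;
}

# The live values for the current process, to compare with the samples above.
print "GID  = $GID\n";
print "EGID = $EGID\n";
```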