[sf-perl] why 'eq' and not '==' in perlsec man page?
Daniel Lo
woof at danlo.com
Tue Sep 4 11:53:51 PDT 2007
Hello David,
On my system $EGID will return all the groups I belong to,
thus it will be a string of digits. (some are even repeats)
"1001 1002 1003 1004" etc..
-daniel
Tuesday, September 4, 2007, 11:42:14 AM, you wrote:
> Greetings,
> Was looking at some code on the perlsec man page:
> use English '-no_match_vars';
> die "Can't fork: $!" unless defined($pid = open(KID, "-|"));
> if ($pid) { # parent
> while (<KID>) {
> # do something
> }
> close KID;
> } else {
> my @temp = ($EUID, $EGID);
> my $orig_uid = $UID;
> my $orig_gid = $GID;
> $EUID = $UID;
> $EGID = $GID;
> # Drop privileges
> $UID = $orig_uid;
> $GID = $orig_gid;
> # Make sure privs are really gone
> ($EUID, $EGID) = @temp;
> die "Can't drop privileges"
> unless $UID == $EUID && $GID eq $EGID;
> $ENV{PATH} = "/bin:/usr/bin"; # Minimal PATH.
> # Consider sanitizing the environment even more.
> exec 'myprog', 'arg1', 'arg2'
> or die "can't exec myprog: $!";
> }
> In the statement:
> die "Can't drop privileges"
> unless $UID == $EUID && $GID eq $EGID;
> I was wondering why they used '==' and then 'eq'. In this particular
> case, we can always expect the group ID's to be non-leading-zero
> integers. Do you think the 'eq' was a typo in the man page?
> Thanks,
> David
--
Best regards,
Daniel mailto:woof at danlo.com
More information about the SanFrancisco-pm
mailing list