perl-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Volker Kroll <kr...@webgods.de>
Subject Re: [mp2] mod_perl test suite fails
Date Tue, 09 Dec 2003 10:45:34 GMT
On Tue, 2003-12-09 at 00:09, Stas Bekman wrote:
> [Volker has sent me the long output offline, so I'm just quoting the 
> interesting parts here]
> 
> >> I also want to see the console messages (not error_log) when you run 
> >> from under /root/mod_perl-1.99_11/ as you did it in first place.
> 
>  > ulimit -c unlimited; t/TEST -bugreport -verbose=0
>  > *** root mode: changing the files ownership to 'nobody' (99:99)
>  > *** /usr/bin/perl -e '     require POSIX;     POSIX::setuid(99);
>  > POSIX::setgid(99);     print -r q{/root/mod_perl-1.99_11/t} &&  -w _ &&
>  > -x _ ? q{OK} : q{NOK}; '
>  >
>  > *** result: OK
> 
> That explains the problem. My test to check whether user 'nobody' will be able 
> to access files under /root seems to pass, but when Apache starts as nobody it 
> doesn't.
> 
> Can you please show us the perms of your /root directory? e.g. on my machine it's:
> 
> drwx------   43 root     root         4096 Dec  8 14:31 root
drwxr-x---   19 root     root         4096 Dec  8 19:11 root
(Bad permissions for a root directory, but it is default on fedora core.

> % grep nobody /etc/passwd
nobody:x:99:99:Nobody:/:/sbin/nologin

> 
> May be POSIX::setuid(99) fails? Does running the following as root:
> 
> % /usr/bin/perl -le 'require POSIX; POSIX::setuid(99); POSIX::setgid(99); \
>    print -r q{/root} &&  -w _ && -x _ ? q{OK} : q{NOK}; '
> 
> gives you:
> 
> OK?

Yes it does.
> 
> If it does, the following will probably fail too:
> 
> perl -le 'require POSIX; POSIX::setuid(99) or die "failed to run: $@";'

no error/ no output with this line.

> 
> and this?
> 
> % /usr/bin/perl -le 'require POSIX;  \
>    POSIX::setuid(99) or die "NOK"; \
>    POSIX::setgid(99) or die "NOK"; \
>    print -r q{/root} &&  -w _ && -x _ ? q{OK} : q{NOK}; '
gives OK

Regards
Volker


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@perl.apache.org
For additional commands, e-mail: dev-help@perl.apache.org


Mime
View raw message