perl-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Stas Bekman <s...@stason.org>
Subject Re: [mp2] mod_perl test suite fails
Date Tue, 09 Dec 2003 17:57:56 GMT
Volker Kroll wrote:
> On Tue, 2003-12-09 at 18:25, Stas Bekman wrote:
> 
> 
>>% su - nobody
> 
> This account is currently not available.
> 
> 
> So I think, here is the problem:
> grep ^nobody /etc/passwd
> nobody:x:99:99:Nobody:/:/sbin/nologin
>                         ^^^^^^^^^^^^
> nobody cannot login and allocate a shell
> 
> 
>>The 'su - nobody' test above should give us the answer 
>>where the fault is.
> 
> 
> and it does :-)

Which probably means that your perl POSIX implementation is broken.

I've tried to emulate your case:
nobody:x:65534:65534:Nobody:/:/sbin/nologin
before it was:
nobody:x:65534:65534:Nobody:/:/bin/sh

% perl -le 'require POSIX; POSIX::setuid(65534) or die "failed to setuid: $@"; 
POSIX::setgid(65534) or die "failed to setgid: $@"; \    print -r q{/root} && 
  -w _ && -x _ ? q{OK} : q{NOK}; '
failed to setgid:  at -e line 1.

As you can see setgid has failed, but not setuid. Does this fail for you:

% perl -le 'require POSIX; POSIX::setgid(99) or die "failed to run: $@";'

I wonder why setuid doesn't fail for me:
% perl -le 'require POSIX; POSIX::setuid(65534) or die "failed to setuid: $@"; 
                                                           \
   print -r q{/root} &&  -w _ && -x _ ? q{OK} : q{NOK}; '
OK

I think this is definitely broken on my machine, since my /root is drwx------ 
and that means that setuid() didn't do its job and the process is still 
running as the root user.

So if you change /etc/passwd's nobody entry to have /bin/sh instead of 
/sbin/nologin the test suite should now successfully detect that it won't be 
able to work from that directory.

__________________________________________________________________
Stas Bekman            JAm_pH ------> Just Another mod_perl Hacker
http://stason.org/     mod_perl Guide ---> http://perl.apache.org
mailto:stas@stason.org http://use.perl.org http://apacheweek.com
http://modperlbook.org http://apache.org   http://ticketmaster.com


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@perl.apache.org
For additional commands, e-mail: dev-help@perl.apache.org


Mime
View raw message