All geek questions in one place

Why doesn't the file verification statement work (Perl)?

In "Perl Programming" -w a file validation statement described as:

-w The file is writable using the effective UID / GID.

I have two files:

 -rwsrwxrwx 1 testuser testuser 226 Jul 20 20:31 script.pl -rw-rw-r-- 1 testuser testuser 34 Jul 14 17:24 file.txt

suid installed on script.pl , so when I run it as a custom calibration, the effective UID / GID should be a testoster. script.pl :

 #!/usr/bin/perl use v5.14; if (-w 'file.txt') { say "true"; } else { say "false"; }

But when I run it caligula@ubuntu-host :~$ ./script.pl , the output is always false . Why is this happening, maybe I did not understand the correct use of this operator?

My thanks.

+6
source share
1 answer

Perl can be configured to ignore SUID scripts; this is the default and most likely the way you are configured. You must print the real and effective UID and GID in the script.

You can verify this specifically with Perl's modestly hidden single-line interface:

 $ perl -MConfig -e 'foreach $key (keys %Config) { print "$key = $Config{$key}\n"; }' | > grep -i -e 'se*t*[ug]id' d_dosuid = d_setresgid = define d_setresuid = define d_suidsafe = $

Or, a little less obscure, now I have found the correct name:

 $ perl -MConfig -e 'print "d_suidsafe = $Config{d_suidsafe}\n"' d_suidsafe = $

This shows that this Perl (built by me on 5.12.1) does not consider SUID scripts safe.

Real and effective values ​​for user and group identifiers can be obtained using: RUID $< , EUID $> , RGID $( and EGID $) or (more reasonably) using English:

 #!/usr/bin/env perl use English '-no_match_vars'; print "EUID = $EUID; RUID = $UID; EGID = $EGID; RGID = $RGID\n";
+11
source

Source: https://habr.com/ru/post/920989/

More articles:


All Articles