El Fri, 22 Apr 2016 13:05:28 +0300, Shlomi Fish escribió: > The way I understand the basic Unix permissions and privileges model > (which is before SELinux and other more complex stuff was introduced) > the way you gain root or other users privileges is by executing (using > EXECVE - possibly after forking first) an SUID or SGID executable which > then runs as a process under a new user. > > This executable can be sudo, or "su" or something else entirely. "sudo" > is a configurable and flexible way to do that and probably will be the > easiest approach to provide with certain users with the permission to > run certain perl code (or other executables) as a different user. > > But there is no built-in Perl magic bullet that can be used instead, as > far as I know. > > Regards, > > Shlomi Fish
SUID and SGID are tricky matters. Common security advice is not to have SUID or SGID scripts because sometimes you can cause a race condition and run arbitrary scripts with the privileges of the owner of the script. Which is really bad. I am not use it happens with the Perl interpreter, but it is worth looking into it. The solution is said to be to use a wrapper program that is not an interpreted script. -- To unsubscribe, e-mail: beginners-unsubscr...@perl.org For additional commands, e-mail: beginners-h...@perl.org http://learn.perl.org/
