On Sat, Jul 20, 2019 at 07:20:23PM -0500, Edgar Pettijohn wrote: > Is there a standard OpenBSD approved method for dropping privileges in > a perl server? Currently looking into Privileges::Drop, but since it > isn't in base makes me curious if there is a better way.
It's relatively easy to do it yourself like I did in this Plack example. https://gist.github.com/afresh1/558fc0b4dfbeab0fbd59 use POSIX qw( setuid setgid ); chroot $root || die "Couldn't chroot to $root: $!"; setgid($gid) || die "Couldn't setgid $group [$gid]: $!"; setuid($uid) || die "Couldn't setuid $user [$uid]: $!"; I don't know exactly what you're looking for though, so maybe OpenBSD::Pledge(3p) or OpenBSD::Unveil(3p) are more what you want? http://man.openbsd.org/OpenBSD::Pledge http://man.openbsd.org/OpenBSD::Unveil l8rZ, -- andrew - http://afresh1.com ($do || !$do) && undef($try) ; # Master of Perl, Yoda is. Hmmmm?
