Re: perl privilege drop

[Edgar Pettijohn]

On Jul 24, 2019 9:06 PM, Andrew Hewus Fresh <and...@afresh1.com> wrote:
>
> On Sat, Jul 20, 2019 at 07:20:23PM -0500, Edgar Pettijohn wrote:
> > Is there a standard OpenBSD approved method for dropping privileges in
> > a perl server? Currently looking into Privileges::Drop, but since it
> > isn't in base makes me curious if there is a better way.
>
>
> It's relatively easy to do it yourself like I did in this Plack example.
>
> https://gist.github.com/afresh1/558fc0b4dfbeab0fbd59
>
>     use POSIX qw( setuid setgid );
>     chroot $root || die "Couldn't chroot to $root: $!";
>     setgid($gid) || die "Couldn't setgid $group [$gid]: $!";
>     setuid($uid) || die "Couldn't setuid $user [$uid]: $!";
>

That's too easy. I was expecting it to be more difficult.

Thanks,

Edgar
> I don't know exactly what you're looking for though, so maybe
> OpenBSD::Pledge(3p) or OpenBSD::Unveil(3p) are more what you want?
>
> http://man.openbsd.org/OpenBSD::Pledge
> http://man.openbsd.org/OpenBSD::Unveil
>
>
> l8rZ,
> -- 
> andrew - http://afresh1.com
>
> ($do || !$do) && undef($try) ;  # Master of Perl, Yoda is.  Hmmmm?
>