|Keep It Simple, Stupid|
Request for comments - Proc::UIDby pjf (Curate)
|on Jun 07, 2004 at 08:48 UTC||Need Help??|
Throughout this node when I will refer to Unix UIDs. However everything said also applies to Unix GIDs as well.
My current project is finding ways to improve Perl's handling of Unix privileges. Those of you on the p5p list will have recently seen some discussion from me in this regard.
Unix privileges are a difficult and often inconsistant area to work with. How privileges are handled and manipulated can change between operating systems, between releases of the same operating system, and upon the privileges of the user trying to manipulate privileges.
A good discussion on the tangle of Unix privileges can be found in Setuid Demystified by Chen, Wagner and Dean.
Perl's current handling of Unix privileges is presently incomplete for modern day Unix systems, and one of my goals is to make it complete. The most notable issues that currently exist are:
Proposed Solution - Proc::UID
In order to provide a consistant, portable, and easy-to-understand interface to the Unix UID tangle, I've started work on Proc::UID. This module is based upon the following design goals:
The the first goal (make available all Unix UIDs) involves coding the appropriate hooks for each Unix flavoured system. This work is not yet complete, but will occur as I arrange access to documentation and testing facilities for each operating system concerned.
The second goal (easy to understand) is achieved by providing a non-cached, variable based interface providing the variables $RUID, $EUID and $SUID, for real, effective, and saved UIDs respectively. Reading a variable retrieves the current UID value, and setting a variable attempts to change that UID (and only that UID) with the operating system.
The second goal is also served by presenting an equivilent functional interface with get[res]uid() and set[res]uid(). Again, these manipulate only a single UID at a time.
Finally, Proc::UID presents a preferred interface based upon the recommendations of Chen, Wagner and Dean. It provides three functions that allow for the most commonly executed logical UID manipulations:
The third goal, making it difficult for mistakes to happen, is served by having all code that attempts to change privileges check that the change succeeded. Any operation that is intended to permanently drop privileges will also test to ensure they cannot be regained. All the logical operations test to ensure that the expected goal state is obtained.
Any failure to achieve the expected results described above will result in an exception being thrown. This makes it difficult for a careless program to continue to operate after it has failed to successfully manipulate its privileges, and potentially perform undesirable operations.
I would appreciate feedback on the Proc::UID module, which I have released on CPAN for testing and review. Questions, comments, notifications of glaring holes, better ways to do things, existing wheels, or any other feedback is appreciated.
Perl Training Australia