The stupid question is the question not asked | |
PerlMonks |
Re^4: setuid script won't behave in 5.10, but did in 5.8by isidore (Initiate) |
on Mar 23, 2010 at 07:11 UTC ( [id://830216]=note: print w/replies, xml ) | Need Help?? |
Thanks for the information.
That is VERY Bad News. This is going to break my perl program and probably cost me at least 2 man weeks to code up an alternative - which seems like it is now going to have to be written in another language. This is a bad day for my love affair with Perl :(((( The message in the deprecation announcement is very cryptic - do you know where I can find more information on the subject? - does it mean, for example, that everything documented in the live perlsec page http://perldoc.perl.org/perlsec.html (which still starts with the very enticing sentence "Perl is designed to make it easy to program securely even when running with extra privileges, like setuid or setgid programs.") is now being stripped out of perl - why then doesn't that page warn of the deprecation? Similarly http://perldoc.perl.org/perlvar.html (for version 5.10.1) still happily reports in the bit about $EFFECTIVE_USER_ID that the setuid construct I mentioned at the start of this thread is still provided with no deprecation warnings to be found. I am also puzzled about the wording of the deprecation notice: "suidperl ... provides a mechanism to emulate setuid permission bits on systems that don't support it properly". Linux DOES support setuid properly. Everything from (e.g.) Stevens' book "Advanced Unix programming" is supported. Added after original post: I've just discovered what is meant: Linux doesn't fully honour setuid bits on scripts. Further the perlsec page does mention the deprecation deep down at the bottom. It also suggests a solution - so it seems my life has been saved :))). Thanks to those who responded.
In Section
Seekers of Perl Wisdom
|
|