From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Date: Tue, 16 Aug 2005 23:31:36 +0400 From: Alexey Tourbin To: devel@altlinux.ru Message-ID: <20050816193136.GT19097@solemn.turbinal.org> Mail-Followup-To: devel@altlinux.ru Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="xdFnWCcMW4kMaGnb" Content-Disposition: inline Subject: [devel] suid/sgid programs and temporary files X-BeenThere: devel@altlinux.ru X-Mailman-Version: 2.1.5 Precedence: list Reply-To: ALT Devel discussion list List-Id: ALT Devel discussion list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 16 Aug 2005 19:40:35 -0000 Archived-At: List-Archive: List-Post: --xdFnWCcMW4kMaGnb Content-Type: text/plain; charset=koi8-r Content-Disposition: inline Content-Transfer-Encoding: quoted-printable =F7 /usr/lib/perl5/File/Temp.pm =C5=D3=D4=D8 =C6=D5=CE=CB=C3=C9=D1 =D0=D2= =CF=D7=C5=D2=CB=C9 =D7=D2=C5=CD=C5=CE=CE=CF=C7=CF =CB=C1=D4=C1=CC=CF=C7=C1, =D7 =CB=CF=D4=CF=D2=CF=CD =C2=D5=C4=D5=D4 =D3=CF=DA=C4=C1=CE=D9 =D7=D2=C5= =CD=C5=CE=CE=D9=C5 =C6=C1=CA=CC=D9. 649 # internal routine to check to see if the directory is safe 650 # First checks to see if the directory is not owned by the 651 # current user or root. Then checks to see if anyone else 652 # can write to the directory and if so, checks to see if 653 # it has the sticky bit set =2E.. 668 sub _is_safe { 669 670 my $path =3D shift; 671 my $err_ref =3D shift; 672 673 # Stat path 674 my @info =3D stat($path); 675 unless (scalar(@info)) { 676 $$err_ref =3D "stat(path) returned no values"; 677 return 0; 678 }; 679 return 1 if $^O eq 'VMS'; # owner delete control at file level 680 681 # Check to see whether owner is neither superuser (or a system ui= d) nor me 682 # Use the real uid from the $< variable 683 # UID is in [4] 684 if ($info[4] > File::Temp->top_system_uid() && $info[4] !=3D $<) { ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^= ^^^ 685 686 Carp::cluck(sprintf "uid=3D$info[4] topuid=3D%s \$<=3D$< path= =3D'$path'", 687 File::Temp->top_system_uid()); 688 689 $$err_ref =3D "Directory owned neither by root nor the current = user" 690 if ref($err_ref); 691 return 0; 692 } =2E.. =F5=D3=CC=CF=D7=C9=D1 =D0=CF=C4=DE=C5=D2=CB=CE=D5=D4=CF=CA =D0=D2=CF=D7=C5= =D2=CB=C9 =CD=CF=D6=CE=CF =D0=C5=D2=C5=D7=C5=D3=D4=C9 =D0=D2=C9=CD=C5=D2=CE= =CF =CB=C1=CB st.st_uid > 10 && st.st_uid !=3D getuid() =F7=CF=D0=D2=CF=D3: =C8=CF=D2=CF=DB=CF =CC=C9, =DE=D4=CF =DA=C4=C5=D3=D8 = =C9=D3=D0=CF=CC=D8=DA=D5=C5=D4=D3=D1 real uid? =EE=C5 =CC=D5=DE=DB=C5 =CC= =C9 =D0=D2=CF=D7=C5=D2=D1=D4=D8 effective uid?=20 --xdFnWCcMW4kMaGnb Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.5 (GNU/Linux) iD8DBQFDAj8XfBKgtDjnu0YRAnuDAJoDHEiWqBHV/Q9sm2fTGSFHLrrpTQCZAQJc z1pB6rOcR73E2EqpZukoiBY= =0T1t -----END PGP SIGNATURE----- --xdFnWCcMW4kMaGnb--