Channel: Recent Questions - Stack Overflow

How does the code to drop privileges that is shown in perlsec actually work?


In perlsec, there is the following code that drops privileges (the line numbers have been added by me):

     1  my @temp     = ($EUID, $EGID);
     2  my $orig_uid = $UID;
     3  my $orig_gid = $GID;
     4  $EUID = $UID;
     5  $EGID = $GID;
     6  # Drop privileges
     7  $UID  = $orig_uid;
     8  $GID  = $orig_gid;
     9  # Make sure privs are really gone
    10  ($EUID, $EGID) = @temp;
    11  die "Can't drop privileges"
    12      unless $UID == $EUID  && $GID eq $EGID;
    13  $ENV{PATH} = "/bin:/usr/bin"; # Minimal PATH.
    14  # Consider sanitizing the environment even more.
    15  exec 'myprog', 'arg1', 'arg2'
    16      or die "can't exec myprog: $!";

I thought that I had understood the concept of real user ids, effective user ids and saved user ids, but I admit that I have no chance of understanding this code. perlvar has explanations about $GID, $EGID, $UID and $EUID and states that it uses a system call to alter them, but does not state which system call that is; this might be part of my problem.

Could somebody please explain what happens there?

Notably, lines 7 and 8 don't make any sense, unless lines 4 and 5 change the values of $UID and $GID. But as far as I have understood from perlvar, the latter should not be the case. Rather, perlvar explicitly states:

You can change both the real gid and the effective gid at the same time by using POSIX::setgid().

This citation is from the section about $GID, but there are similar statements in the sections about $UID, $EGID and $EUID. Since the sample code uses simple assignments instead of those POSIX functions, I strongly assume that lines 4 and 5 change only $EUID and $EGID, not $UID or $GID. Given that, what are lines 7 and 8 needed for?

If I were able to understand this, I guess I could understand the rest of the code as well.

If somebody takes the time, it would probably be sufficient to focus on $UID and $EUID. I have also understood that we should clean the environment etc. and how we should call exec. So it's "only" the (E)UID/(E)GID assignments that I don't understand.

Finally, I am convinced that this is not a duplicate question:

There are several (seemingly) similar questions about Perl and effective and real user ids on this site, but they are "How do I drop privileges" questions. Neither these questions nor the answers to them mention the pattern from the code above. Rather, the code in the answers consists of one or two lines of Perl, or the answers simply recommend using modules (e.g., Privileges::Drop).

In contrast, I specifically would like to understand how the pattern above works and why it is necessary at all, given that the answers to the other questions on this site give the impression that it's quite trivial to drop privileges in Perl.
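To make the UID side of the perlsec sequence observable, here is an added C example (not from perlsec, perlvar or the question) that replays lines 1 to 12 with the libc calls a Linux Perl build uses for these variables. It assumes Linux/POSIX semantics and that assigning $EUID maps to seteuid() and assigning $UID maps to setreuid(uid, -1); it prints the real, effective and saved UIDs after each step, which is where the saved set-user-ID from the question comes in.

```c
#define _GNU_SOURCE
#include <stdio.h>
#include <unistd.h>
#include <sys/types.h>

/* Print real/effective/saved UIDs so each step's effect is visible. */
static void show(const char *step) {
    uid_t r, e, s;
    if (getresuid(&r, &e, &s) == 0)
        printf("%-26s real=%u eff=%u saved=%u\n",
               step, (unsigned)r, (unsigned)e, (unsigned)s);
}

/* Mirrors perlsec lines 1-12 for the UID side. Returns 0 when privileges
 * are verifiably gone, -1 when the effective UID could still be restored. */
int drop_privileges_perlsec_style(void) {
    uid_t orig_euid = geteuid();     /* line 1: my @temp = ($EUID, ...) */
    uid_t orig_uid  = getuid();      /* line 2: my $orig_uid = $UID    */
    show("start");

    /* line 4: $EUID = $UID  ->  seteuid(real). Only the effective UID
     * moves; the saved set-user-ID still holds the original value, so a
     * later seteuid(orig_euid) would still be permitted. */
    if (seteuid(orig_uid) != 0) return -1;
    show("after $EUID = $UID");

    /* line 7: $UID = $orig_uid  ->  setreuid(real, -1). POSIX and Linux
     * specify that setting the real UID also sets the saved set-user-ID
     * to the current effective UID, so the privileged saved UID is
     * discarded here even though the real UID value does not change. */
    if (setreuid(orig_uid, (uid_t)-1) != 0) return -1;
    show("after $UID = $orig_uid");

    /* line 10: ($EUID, $EGID) = @temp  ->  attempt to regain the old EUID.
     * Once the saved UID is gone this must fail; the result is ignored
     * on purpose because the check below is on what the kernel reports. */
    (void)seteuid(orig_euid);
    show("after restore attempt");

    /* lines 11-12: die unless the real and effective UIDs agree. */
    return (getuid() == geteuid()) ? 0 : -1;
}

int main(void) {
    return drop_privileges_perlsec_style() == 0 ? 0 : 1;
}
```

Run unprivileged, all three IDs are the same throughout; the saved-UID change in step 7 only becomes visible when the binary starts with a privileged effective UID (for example as a set-user-ID executable).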
