Perl 编写了一个系统的服务程序(见文章
另类的 Linux在线文本打印和基于 Perl的 Web Service ),开机时候利用 rc.d启动,但是运行时刻都是 root权限,对于脚本程序,比起二进制的ELF文件,毕竟更怕些,嘻,因为比较容易暴露源代码…
为了保障运行的稳定性,也让系统更稳定一些,我们需要类似 setuid之类的函数,在不需要特权的时候,以一个伪用户权限运行。
Perl 在处理这权限,用 $< 和 $>,如下:
$< The real uid of this process. (Mnemonic: it's the uid you came
*from*,
if you're running setuid.) You can change both the real
uid
and the
effective uid at the same time by using
POSIX::setuid(). Since changes to $< require a system call,
check
$! after a change attempt
to detect any possible errors.
$> The effective
uid of this process. Example:
$< = $>; #
set real to effective uid
($<,$>) = ($>,$<); #
swap real and effective uid
You
can change both the effective uid and the real uid at the
same
time by using
POSIX::setuid(). Changes to $> require a
check
to $! to detect any possible
errors after an attempted
change.
(Mnemonic: it's the uid you went *to*, if
you're running
setuid.) $< and $> can be swapped only on machines
supporting
setreuid().
|
简单的 $< 用法如下:
#!/usr/bin/perl
$> = 0;
system "whoami";
$> = 1000;
system "whoami";
$> = 0;
system "whoami";
|
运行效果如下:
# ./test.pl
root
dorainm
root
#
|
阅读(2562) | 评论(0) | 转发(0) |
