Unix Kernel Security Bugs
Beyond the obvious problems that stem from giving special privileges to interpreters as flexible and inscrutable as shells, older versions of Unix have a kernel bug that makes any set-id script insecure before it ever gets to the interpreter. The problem is not the script itself, but a race condition in what the kernel does when it finds a set-id executable script. (The bug doesn't exist on machines that don't recognize #! in the kernel.) When the kernel opens such a file to see which interpreter to run, there's a delay before the (now set-id) interpreter starts up and reopens the file by name. That delay gives an attacker a chance to change what that name refers to, especially if your system supports symbolic links: the attacker invokes the set-id script through a symlink they control, waits for the kernel to check the bits and start the privileged interpreter, then repoints the symlink at a script of their own, which the interpreter then reads and runs with the original script's privileges.
Fortunately, sometimes this kernel "feature" can be disabled. Unfortunately, there are a couple of different ways to disable it. The system can refuse to execute any script with the set-id bits set, which doesn't help much if you actually need one. Alternatively, it can simply ignore the set-id bits on scripts. In the latter case, Perl can emulate the setuid and setgid mechanism itself when it notices the (otherwise useless) set-id bits on a Perl script. It does this via a special executable called suidperl, which is automatically invoked for you if it's needed.[196] However, if the kernel set-id script feature isn't disabled, Perl will complain loudly that your setuid script is insecure. You'll either need to disable the kernel set-id script "feature" or put a C wrapper around the script. A C wrapper is just a compiled ...
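The race above is easy to see in user space without a set-id binary or root: open a name, let the attacker swap what the name points to, then open the name again. The following C program, an added example that is not from the book or from Perl, models the kernel-to-interpreter handoff with two constructed scripts (good.pl and evil.pl) and a symlink named victim in a scratch directory. It goes one step beyond the text by also modelling the fix some kernels adopted, handing the interpreter the descriptor the kernel already opened instead of the pathname (the /dev/fd/N approach), to show why reusing the descriptor closes the window. The file names, the TMPDIR fallback and the script contents are all assumptions made for the demonstration.

```c
#define _XOPEN_SOURCE 700
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

#define PATHCAP 4096

/* Constructed sample scripts (not from the book): the one the administrator
 * installed with set-id bits, and the one the attacker substitutes. */
static const char GOOD_SCRIPT[] = "#!/usr/bin/perl\nprint \"legitimate\\n\";\n";
static const char EVIL_SCRIPT[] = "#!/usr/bin/perl\nexec '/bin/sh';\n";

static int write_file(const char *path, const char *body)
{
    int fd = open(path, O_WRONLY | O_CREAT | O_TRUNC, 0755);
    if (fd < 0)
        return -1;
    ssize_t want = (ssize_t)strlen(body);
    ssize_t got = write(fd, body, (size_t)want);
    close(fd);
    return got == want ? 0 : -1;
}

/* Read a small file through an already-open descriptor, from offset 0. */
static int slurp(int fd, char *buf, size_t cap)
{
    if (lseek(fd, 0, SEEK_SET) < 0)
        return -1;
    ssize_t n = read(fd, buf, cap - 1);
    if (n < 0)
        return -1;
    buf[n] = '\0';
    return 0;
}

/* Scratch layout: good.pl, evil.pl, and a symlink "victim" -> good.pl.
 * The (hypothetical) set-id script is invoked through the symlink, which
 * the attacker controls. */
static int setup(char *dir, size_t cap)
{
    const char *base = getenv("TMPDIR");   /* assumption: /tmp if unset */
    char tmpl[PATHCAP], p[PATHCAP];
    snprintf(tmpl, sizeof tmpl, "%s/setid-race-XXXXXX", base ? base : "/tmp");
    if (!mkdtemp(tmpl))
        return -1;
    snprintf(dir, cap, "%s", tmpl);
    snprintf(p, sizeof p, "%s/good.pl", dir);
    if (write_file(p, GOOD_SCRIPT))
        return -1;
    snprintf(p, sizeof p, "%s/evil.pl", dir);
    if (write_file(p, EVIL_SCRIPT))
        return -1;
    snprintf(p, sizeof p, "%s/victim", dir);
    return symlink("good.pl", p);
}

/* The attacker's move inside the window: repoint the symlink. rename() makes
 * the swap atomic, so the interpreter never sees a missing file. */
static int attacker_swap(const char *dir)
{
    char tmp[PATHCAP], victim[PATHCAP];
    snprintf(tmp, sizeof tmp, "%s/victim.new", dir);
    snprintf(victim, sizeof victim, "%s/victim", dir);
    if (symlink("evil.pl", tmp))
        return -1;
    return rename(tmp, victim);
}

static void cleanup(const char *dir)
{
    const char *names[] = { "good.pl", "evil.pl", "victim", "victim.new" };
    char p[PATHCAP];
    for (size_t i = 0; i < sizeof names / sizeof names[0]; i++) {
        snprintf(p, sizeof p, "%s/%s", dir, names[i]);
        unlink(p);
    }
    rmdir(dir);
}

/* Model of the handoff. reopen_by_path=1 is the buggy kernel: the interpreter
 * is given the pathname and opens it again. reopen_by_path=0 is the fix: the
 * interpreter reads from the descriptor the kernel already holds, so the name
 * is never resolved twice. Returns 1 if the interpreter ran bytes the kernel
 * never inspected (attacker wins), 0 if both saw the same file, -1 on error. */
int run_race(int reopen_by_path)
{
    char dir[PATHCAP], victim[PATHCAP];
    char kernel_view[256], interp_view[256];
    int kfd = -1, ifd = -1, result = -1;

    if (setup(dir, sizeof dir))
        return -1;
    snprintf(victim, sizeof victim, "%s/victim", dir);

    /* Step 1: the kernel resolves the name, sees set-id bits, reads "#!". */
    kfd = open(victim, O_RDONLY);
    if (kfd < 0 || slurp(kfd, kernel_view, sizeof kernel_view) != 0)
        goto out;

    /* Step 2: the delay before the interpreter starts. The attacker strikes. */
    if (attacker_swap(dir) != 0)
        goto out;

    /* Step 3: the (now set-id) interpreter fetches its script. */
    ifd = reopen_by_path ? open(victim, O_RDONLY) : dup(kfd);
    if (ifd >= 0 && slurp(ifd, interp_view, sizeof interp_view) == 0)
        result = strcmp(kernel_view, interp_view) != 0;

out:
    if (ifd >= 0)
        close(ifd);
    if (kfd >= 0)
        close(kfd);
    cleanup(dir);
    return result;
}

int main(void)
{
    printf("reopen by name:   attacker %s\n", run_race(1) == 1 ? "wins" : "loses");
    printf("reuse descriptor: attacker %s\n", run_race(0) == 1 ? "wins" : "loses");
    return 0;
}
```

Run it with no privileges at all; the first line reports the attacker winning and the second reports a loss. The only difference between the two runs is whether the "interpreter" trusts a pathname it did not open itself, which is exactly the trust a C wrapper or a descriptor-passing kernel removes.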