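#!/usr/local/bin/perl
# Example of checks to perform in CGI scripts that are running
# with set-user-id or set-group-id permissions.
# See "Web Security, A Step-by-Step Reference Guide" by Lincoln Stein, page 334

use strict;
use warnings;

# Numeric uid and gid that the web server is expected to launch this script as.
# These are site-specific values; they stay package globals so existing code
# that sets $main::WEB_USER / $main::WEB_GROUP keeps working.
our $WEB_USER  = 50;
our $WEB_GROUP = 50;

print "The file is ", check_suid() ? "OK" : "NOT OK", "\n";

# check_suid()
#
# Sanity-checks the identity this script is running under before it does any
# privileged work.  Takes no arguments.
#
# Returns 1 when either
#   * the script is not running set-user-id or set-group-id at all, or
#   * every check below passes.
# Otherwise it emits a warning naming the failed check and returns false
# (undef in scalar context, the empty list in list context, so a caller that
# writes "if (my @r = check_suid())" fails closed).
#
# Checks, in order:
#   1. the effective uid/gid must not be 0 (never run suid/sgid root);
#   2. the real uid must equal $WEB_USER;
#   3. the real gid must equal $WEB_GROUP;
#   4. the script file ($0) must not be writable by the real uid/gid.
sub check_suid {
    my $user_from = $<;    # real uid: ID of the launching process
    my $user_to   = $>;    # effective uid: ID that we're suid -to-

    # $( and $) are space-separated lists whose first field is the real /
    # effective gid.  Take only that field so the numeric comparisons below
    # do not depend on (or warn about) the trailing supplementary groups.
    # NOTE(review): supplementary groups are not examined by any check here.
    my ($group_from) = split ' ', $(;
    my ($group_to)   = split ' ', $);

    # Not running suid or sgid, so no checks needed.
    return 1 if $group_from == $group_to && $user_from == $user_to;

    if ($user_to == 0 || $group_to == 0) {
        warn "Can't be suid/sgid root";
        return;
    }

    # Fail unless we were launched by the correct user and group.
    if ($user_from != $WEB_USER) {
        warn "Not launched by web user";
        return;
    }
    if ($group_from != $WEB_GROUP) {
        warn "Not launched by web group";
        return;
    }

    # Fail if the script is writable by the user or group of the process
    # that launched it; -W tests writability with the real uid/gid.
    # NOTE(review): only the file named by $0 is tested, not the directory
    # that contains it -- confirm the directory is not writable by the
    # launching user either, since the file could then be replaced.
    if (-W $0) {
        warn "Writable by invoking process";
        return;
    }

    return 1;
}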