Use POSIX::setuid where available

custom/custom-lib.pl

@@ -482,15 +482,15 @@ if ($cmd->{'su'}) {
 	&print_tempfile(TEMP, "$str\n");
 	&close_tempfile(TEMP);
 	chmod(0755, $temp);
-	$got = &foreign_call("proc", "safe_process_exec",
+	$got = &proc::safe_process_exec(
 			     &command_as_user($user, 1, $temp), 0, 0,
 			     $fh, undef, !$cmd->{'raw'}, 0,
 			     $cmd->{'timeout'});
 	unlink($temp);
 	}
 else {
-	$got = &foreign_call("proc", "safe_process_exec", $str,
-			     $user_info[2], undef, $fh, undef,
+	$got = &proc::safe_process_exec(
+			     $str, $user_info[2], undef, $fh, undef,
 			     !$cmd->{'raw'}, 0, $cmd->{'timeout'});
 	}
 &reset_environment() if ($cmd->{'clear'});

proc/proc-lib.pl

@@ -100,13 +100,11 @@ return if ($module_info{'usermin'});	# already switched!
 if ($access{'uid'} < 0) {
 	local @u = getpwnam($remote_user);
 	@u || &error("Failed to find user $remote_user");
-	($(, $)) = ($u[3], "$u[3] $u[3]");
-	($>, $<) = ($u[2], $u[2]);
+	&switch_to_unix_user(\@u);
 	}
 elsif ($access{'uid'}) {
 	local @u = getpwuid($access{'uid'});
-	($(, $)) = ($u[3], "$u[3] $u[3]");
-	($>, $<) = ($u[2], $u[2]);
+	&switch_to_unix_user(\@u);
 	}
 }
 
@@ -164,14 +162,13 @@ else {
 		if ($_[1]) {
 			if (defined($_[2])) {
 				# switch to given UID and GID
-				($(, $)) = ($_[2], "$_[2] $_[2]");
-				($>, $<) = ($_[1], $_[1]);
+				&switch_to_unix_user(
+					[ undef, undef, $_[1], $_[2] ]);
 				}
 			else {
 				# switch to UID and all GIDs
 				local @u = getpwuid($_[1]);
-				($(, $)) = ($u[3], "$u[3] ".join(" ", $u[3], &other_groups($u[0])));
-				($>, $<) = ($u[2], $u[2]);
+				&switch_to_unix_user(\@u);
 				}
 			}
 

web-lib-funcs.pl

@@ -13,6 +13,7 @@ Example code:
 =cut
 
 use Socket;
+use POSIX;
 
 use vars qw($user_risk_level $loaded_theme_library $wait_for_input
 	    $done_webmin_header $trust_unknown_referers $unsafe_index_cgi
@@ -3565,7 +3566,7 @@ if ($gconfig{'umask'} && !$main::umask_already++) {
 if (!$main::nice_already && $main::webmin_script_type eq 'cron') {
 	# Set nice level
 	if ($gconfig{'nice'}) {
-		eval 'use POSIX; POSIX::nice($gconfig{\'nice\'});';
+		eval 'POSIX::nice($gconfig{\'nice\'});';
 		}
 
 	# Set IO scheduling class and priority
@@ -6324,10 +6325,22 @@ of user details, which must be in the format returned by getpwnam.
 sub switch_to_unix_user
 {
 my ($uinfo) = @_;
-($(, $)) = ( $uinfo->[3],
-	     "$uinfo->[3] ".join(" ", $uinfo->[3],
-			         &other_groups($uinfo->[0])) );
-($>, $<) = ( $uinfo->[2], $uinfo->[2] );
+if (!defined($uinfo->[0])) {
+	# No username given, so just use given GID
+	($(, $)) = ( $uinfo->[3], "$uinfo->[3] $uinfo->[3]" );
+	}
+else {
+	# Use all groups from user
+	($(, $)) = ( $uinfo->[3],
+		     "$uinfo->[3] ".join(" ", $uinfo->[3],
+					 &other_groups($uinfo->[0])) );
+	}
+eval {
+	POSIX::setuid($uinfo->[2]);
+	};
+if ($< != $uinfo->[2] || $> != $uinfo->[2]) {
+	($>, $<) = ( $uinfo->[2], $uinfo->[2] );
+	}
 }
 
 =head2 create_user_config_dirs
@@ -8595,6 +8608,7 @@ sub clear_time_locale
 {
 if ($main::clear_time_locale_count == 0) {
 	eval {
+		use POSIX;
 		$main::clear_time_locale_old = POSIX::setlocale(POSIX::LC_TIME);
 		POSIX::setlocale(POSIX::LC_TIME, "C");
 		};