Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > Perl > Perl Misc > Setuid problems with perl 5.8.4?

Reply
Thread Tools

Setuid problems with perl 5.8.4?

 
 
Roy Smith
Guest
Posts: n/a
 
      06-03-2004
I've got a perl script that runs setuid root. It used to run just fine
under perl 5.00503 (on RedHat 6.1 linux).

I recently upgraded to perl 5.8.4 and now it's behaving as if it were
not setuid. It doesn't print any errors, but acts as if it were not
setuid. Has anything changed between those two versions which might
affect setuid behavior?
 
Reply With Quote
 
 
 
 
David Efflandt
Guest
Posts: n/a
 
      06-03-2004
On Wed, 02 Jun 2004 21:20:14 -0400, Roy Smith <(E-Mail Removed)> wrote:
> I've got a perl script that runs setuid root. It used to run just fine
> under perl 5.00503 (on RedHat 6.1 linux).
>
> I recently upgraded to perl 5.8.4 and now it's behaving as if it were
> not setuid. It doesn't print any errors, but acts as if it were not
> setuid. Has anything changed between those two versions which might
> affect setuid behavior?


Due to security concerns, suidperl for recent Perl versions is not suid by
default, but you could likely make it so if you understand the risks (and
perldoc perlsec). Or you could use an suid binary (like C) wrapper to run
that particular script.

Of course running anything suid will not run directly under apache suexec,
due to its safeguards (but could work indirectly).

--
David Efflandt - All spam ignored http://www.de-srv.com/
 
Reply With Quote
 
 
 
 
Ben Morrow
Guest
Posts: n/a
 
      06-03-2004

Quoth http://www.velocityreviews.com/forums/(E-Mail Removed) (David Efflandt):
> On Wed, 02 Jun 2004 21:20:14 -0400, Roy Smith <(E-Mail Removed)> wrote:
> > I've got a perl script that runs setuid root. It used to run just fine
> > under perl 5.00503 (on RedHat 6.1 linux).
> >
> > I recently upgraded to perl 5.8.4 and now it's behaving as if it were
> > not setuid. It doesn't print any errors, but acts as if it were not
> > setuid. Has anything changed between those two versions which might
> > affect setuid behavior?

>
> Due to security concerns, suidperl for recent Perl versions is not suid by
> default, but you could likely make it so if you understand the risks (and
> perldoc perlsec). Or you could use an suid binary (like C) wrapper to run
> that particular script.
>
> Of course running anything suid will not run directly under apache suexec,
> due to its safeguards (but could work indirectly).


Surely under modern systems with safe setid scripts (i.e. with /dev/fd)
suidperl doesn't come into it any more?

$ su
# cat > suid
#!/usr/bin/perl

print $<, ',', $>, "\n";
^D
# chmod 4755 suid
# ^D
$ ./suid
1000,0
$

OTOH, if your script *does* use suidperl, then you can simply change it
to using ordinary perl instead. As I understand (but I am certainly no
expert) this is safer than having a setid suidperl executable.

Ben

--
Like all men in Babylon I have been a proconsul; like all, a slave ... During
one lunar year, I have been declared invisible; I shrieked and was not heard,
I stole my bread and was not decapitated.
~ (E-Mail Removed) ~ Jorge Luis Borges, 'The Babylon Lottery'
 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
FAQ 8.22 Why do setuid perl scripts complain about kernel problems? PerlFAQ Server Perl Misc 0 04-07-2011 10:00 AM
Perl IPC::open use in a setuid program Larry W. Virden Perl Misc 2 12-01-2008 10:52 PM
Perl with setuid enabled prattm@gmail.com Perl Misc 3 11-11-2006 01:16 PM
Help untaining the command. Insecure dependency in `` ... setuid danpres2k Perl 0 08-13-2003 03:21 PM
chmod or setuid? Need to give script permission to write files Michael Lubavin Perl 1 07-25-2003 01:16 AM



Advertisments