trouble writing a setuid script

 
 
Peter Michaux
      08-30-2008
Hi,

I'm trying to write a setuid script and can't make it happen. I've
trimmed it down to the very simple example below trying to have a
logger.pl script add a message to a log file. This is my Bash
transcript with all the pertinent details.

$ ls -Al
total 8
-rw-r--r-- 1 root wheel 0 29 Aug 23:52 log
-rwsr-xr-x 1 root wheel 145 29 Aug 23:52 logger.pl*
$ cat log
$ cat logger.pl
#!/usr/bin/perl -w

use strict;
use warnings;

my $FILE;
open(FILE, ">> log") or die "couldn't open: ";
print(FILE "hello, world");
close(FILE);
$ whoami
peter
$ ./logger.pl
couldn't open: at ./logger.pl line 7.
$ sudo ./logger.pl
Password:
$ cat log
hello, world

So the script works when I "sudo" but not when the script runs as my
normal "peter" user.

Any ideas why it doesn't work and what I need to change?

(I don't run into any errors when writing the same program in C.)

Thanks,
Peter
 
 
magloca
      08-30-2008
Peter Michaux @ Saturday 30 August 2008 09:07:

> Hi,
>
> I'm trying to write a setuid script and can't make it happen. I've
> trimmed it down to the very simple example below trying to have a
> logger.pl script add a message to a log file. This is my Bash
> transcript with all the pertinent details.

[code snipped]
> (I don't run into any errors when writing the same program in C.)


Yeah, I tried to do something like that once, too. Turned out the setuid
flag is ignored on scripts; it's only allowed on (binary) executables.
So that's also why your compiled C program works.

m.
 
 
Peter Michaux
      08-30-2008
On Aug 30, 1:20 am, magloca <(E-Mail Removed)> wrote:
> Peter Michaux @ Saturday 30 August 2008 09:07:
>
> > Hi,
> >
> > I'm trying to write a setuid script and can't make it happen. I've
> > trimmed it down to the very simple example below trying to have a
> > logger.pl script add a message to a log file. This is my Bash
> > transcript with all the pertinent details.
>
> [code snipped]
> > (I don't run into any errors when writing the same program in C.)
>
> Yeah, I tried to do something like that once, too. Turned out the setuid
> flag is ignored on scripts; it's only allowed on (binary) executables.
> So that's also why your compiled C program works.


It seems it must be possible to write a setuid script because there is
a lot of fuss about it in "perldoc perlsec" which is also part of the
camel book.

Peter
 
Joost Diepenmaat
      08-30-2008
Peter Michaux <(E-Mail Removed)> writes:

> It seems it must be possible to write a setuid script because there is
> a lot of fuss about it in "perldoc perlsec" which is also part of the
> camel book.


It's possible, but IIRC "most" Linux systems ignore suid bits on
scripts. Not sure about other *nixes.

--
Joost Diepenmaat | blog: http://joost.zeekat.nl/ | work: http://zeekat.nl/
 
Grant
      08-30-2008
On Sat, 30 Aug 2008 05:58:30 -0700 (PDT), Peter Michaux <(E-Mail Removed)> wrote:

>On Aug 30, 1:20 am, magloca <(E-Mail Removed)> wrote:
>> Peter Michaux @ Saturday 30 August 2008 09:07:
>>
>> > Hi,
>> >
>> > I'm trying to write a setuid script and can't make it happen. I've
>> > trimmed it down to the very simple example below trying to have a
>> > logger.pl script add a message to a log file. This is my Bash
>> > transcript with all the pertinent details.
>>
>> [code snipped]
>> > (I don't run into any errors when writing the same program in C.)
>>
>> Yeah, I tried to do something like that once, too. Turned out the setuid
>> flag is ignored on scripts; it's only allowed on (binary) executables.
>> So that's also why your compiled C program works.
>
>It seems it must be possible to write a setuid script because there is
>a lot of fuss about it in "perldoc perlsec" which is also part of the
>camel book.


Just add a C wrapper to call the script, something like:

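#!/bin/bash
# Build a setuid C wrapper named $1.cgi that exec()s the script $1
# from the current directory, and install it one directory up.
set -x
rm -f "$1.c"
rm -f "../$1.cgi"
rm -f "$1.cgi"

# Generate the wrapper source; the printf calls run only if execl() fails.
echo "#include <stdio.h>
#include <unistd.h>
int main (void) {
execl (\"$PWD/$1\", \"$1\", (char *)0 );
printf(\"Content-type: text/plain\\n\\n\");
printf(\"$1.cgi: fatal - failed to start $1, wait, then refresh.\\n\");
return 1;
}
" > "$1.c"

gcc "$1.c" -o "$1.cgi"
strip -s "$1.cgi"
chmod 04555 "$1.cgi"   # setuid bit on the compiled wrapper, not on the script
mv "$1.cgi" ../
rm -f "$1.c"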

Grant.
--
http://bugsplatter.id.au/
 
Jürgen Exner
      08-30-2008
Peter Michaux <(E-Mail Removed)> wrote:
>It seems it must be possible to write a setuid script [...]


Yes, it is. The question is, if your _OS_ will execute scripts as SUID or
not. This applies to any script, not just scripts written in Perl.

jue
 