«

Hi,

I'm trying to write a setuid script and can't make it happen. I've
trimmed it down to the very simple example below trying to have a
logger.pl script add a message to a log file. This is my Bash
transcript with all the pertinent details.

$ ls -Al
total 8
-rw-r--r-- 1 root wheel 0 29 Aug 23:52 log
-rwsr-xr-x 1 root wheel 145 29 Aug 23:52 logger.pl*
$ cat log
$ cat logger.pl
#!/usr/bin/perl -w

use strict;
use warnings;

my $FILE;
open(FILE, ">> log") or die "couldn't open: ";
print(FILE "hello, world");
close(FILE);
$ whoami
peter
$ ./logger.pl
couldn't open: at ./logger.pl line 7.
$ sudo ./logger.pl
Password:
$ cat log
hello, world

So the script works when I "sudo" but not when the script runs as my
normal "peter" user.

Any ideas why it doesn't work and what I need to change?

(I don't run into any errors when writing the same program in C.)

Thanks,
Peter

Peter Michaux @ Saturday 30 August 2008 09:07:

> Hi,
>
> I'm trying to write a setuid script and can't make it happen. I've
> trimmed it down to the very simple example below trying to have a
> logger.pl script add a message to a log file. This is my Bash
> transcript with all the pertinent details.
[code snipped]
> (I don't run into any errors when writing the same program in C.)

Yeah, I tried to do something like that once, too. Turned out the setuid
flag is ignored on scripts; it's only allowed on (binary) executables.
So that's also why your compiled C program works.

m.

On Aug 30, 1:20*am, magloca <magl...@mailinater.com> wrote:
> Peter Michaux @ Saturday 30 August 2008 09:07:
>
>
>
> > Hi,
>
> > I'm trying to write a setuid script and can't make it happen. I've
> > trimmed it down to the very simple example below trying to have a
> > logger.pl script add a message to a log file. This is my Bash
> > transcript with all the pertinent details.
> [code snipped]
> > (I don't run into any errors when writing the same program in C.)
>
> Yeah, I tried to do something like that once, too. Turned out the setuid
> flag is ignored on scripts; it's only allowed on (binary) executables.
> So that's also why your compiled C program works.

It seems it must be possible to write a setuid script because there is
a lot of fuss about it in "perldoc perlsec" which is also part of the
camel book.

Peter

Peter Michaux <> writes:

> It seems it must be possible to write a setuid script because there is
> a lot of fuss about it in "perldoc perlsec" which is also part of the
> camel book.

It's possible, but IIRC "most" linux systems ignore suid bits on
scripts. Not sure about other *nixes.

--
Joost Diepenmaat | blog: http://joost.zeekat.nl/ | work: http://zeekat.nl/

On Sat, 30 Aug 2008 05:58:30 -0700 (PDT), Peter Michaux <> wrote:

>On Aug 30, 1:20*am, magloca <magl...@mailinater.com> wrote:
>> Peter Michaux @ Saturday 30 August 2008 09:07:
>>
>>
>>
>> > Hi,
>>
>> > I'm trying to write a setuid script and can't make it happen. I've
>> > trimmed it down to the very simple example below trying to have a
>> > logger.pl script add a message to a log file. This is my Bash
>> > transcript with all the pertinent details.
>> [code snipped]
>> > (I don't run into any errors when writing the same program in C.)
>>
>> Yeah, I tried to do something like that once, too. Turned out the setuid
>> flag is ignored on scripts; it's only allowed on (binary) executables.
>> So that's also why your compiled C program works.
>
>It seems it must be possible to write a setuid script because there is
>a lot of fuss about it in "perldoc perlsec" which is also part of the
>camel book.

Just add a C wrapper to call the script, something like:

#!/bin/bash
set -x
rm -f $1.c
rm -f ../$1.cgi
rm -f $1.cgi

echo "main () {
execl (\"$PWD/$1\", \"$1\", (char *)0 );
printf(\"Content-type: text/plain\\n\\n\");
printf(\"$1.cgi: fatal - failed to start $1, wait, then refresh.\\n\");
}
" > $1.c

gcc $1.c -o $1.cgi
strip -s $1.cgi
chmod 04555 $1.cgi
mv $1.cgi ../
rm -f $1.c

Grant.
--
http://bugsplatter.id.au/

Peter Michaux <> wrote:
>It seems it must be possible to write a setuid script [...]

Yes, it is. The question is, if you _OS_ will execute scripts as SUID or
not. This applies to any script, not just scripts written in Perl.

jue