suid perl 
Author Message
 suid perl

I am trying to make suid (root) script with perl on my ISC (3.2.2), but
it is complaining about my Unix:

YOU HAVEN'T DISABLED SET-ID SCRIPTS IN THE KERNEL YET!
FIX YOUR KERNEL, PUT A C WRAPPER AROUND THIS SCRIPT, OR USE -u AND UNDUMP!

I contacted the local ISC distributor and they did not know how
to fix the kernel so that it suits PERL.

Has anybody a solution?
--
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *



                                    Phone  : +358 0 758 1322
Possessed by a Spirit               G3 Fax : +358 0 758 1396



Tue, 29 Mar 1994 18:28:26 GMT  
 suid perl

:I am trying to make suid (root) script with perl on my ISC (3.2.2), but
:it is complaining about my Unix:
:
:YOU HAVEN'T DISABLED SET-ID SCRIPTS IN THE KERNEL YET!
:FIX YOUR KERNEL, PUT A C WRAPPER AROUND THIS SCRIPT, OR USE -u AND UNDUMP!
:
:I contacted the local ISC distributor and they did not know how
:to fix the kernel so that it suits PERL.
:
:Has anybody a solution?

This message is triggered because setuid scripts are inherently insecure
due to a kernel bug.  This bug exists in most systems that run #! scripts
with the setuid bit and let that program run under the assumed id.

There's a race condition between the time the kernel looks at the pathname
and when the interpreter does so: you can fake it out by switching links.
If your system has fixed this bug (few have), you can compile Perl so that
it knows this.  Systems with a /dev/fd have a chance at fixing it.  I
haven't heard other approaches.  

Otherwise, what you do is compile a setuid C program that does nothing but
execs Perl with the full name of the script and whatever arguments it was
passed.  Have users call the wrapper instead, and put the script
elsewhere.

And complain to your vendor; if they don't know about it, they aren't
very UNIX savvy.  If they won't fix it once they understand it, they
don't care about security.  Never have a setuid script on your system.

--tom



Fri, 01 Apr 1994 02:34:43 GMT  
 suid perl
: I am trying to make suid (root) script with perl on my ISC (3.2.2), but
: it is complaining about my Unix:
:
: YOU HAVEN'T DISABLED SET-ID SCRIPTS IN THE KERNEL YET!
: FIX YOUR KERNEL, PUT A C WRAPPER AROUND THIS SCRIPT, OR USE -u AND UNDUMP!
:
: I contacted the local ISC distributor and they did not know how
: to fix the kernel so that it suits PERL.
:
: Has anybody a solution?

You can put a C wrapper around it to exec the script with the proper
uid.  The suidscript program found in the Camel book can write a wrapper
for you, but it's pretty trivial to do by hand.

Larry



Sat, 02 Apr 1994 02:31:17 GMT  
 suid perl

+---------------

| :I am trying to make suid (root) script with perl on my ISC (3.2.2), but
| :it is complaining about my Unix:
| :
| :YOU HAVEN'T DISABLED SET-ID SCRIPTS IN THE KERNEL YET!
| :FIX YOUR KERNEL, PUT A C WRAPPER AROUND THIS SCRIPT, OR USE -u AND UNDUMP!
| :
| :I contacted the local ISC distributor and they did not know how
| :to fix the kernel so that it suits PERL.
|
| This message is triggered because setuid scripts are inherently insecure
| due to a kernel bug.  This bug exists in most systems that run #! scripts
| with the setuid bit and let that program run under the assumed id.
+---------------

That's the bizarre thing about this:  ISC is pretty much stock System V.3.2.
It doesn't *do* #! scripts.

++Brandon (weirded out again...)
--
Brandon S. Allbery                    KF8NH: DC to LIGHT!  [44.70.4.88]



Sat, 02 Apr 1994 06:23:03 GMT  
 suid perl

Quote:

>:YOU HAVEN'T DISABLED SET-ID SCRIPTS IN THE KERNEL YET!
>:FIX YOUR KERNEL, PUT A C WRAPPER AROUND THIS SCRIPT, OR USE -u AND UNDUMP!
>:Has anybody a solution?
>Otherwise, what you do is compile a setuid C program that does nothing but
>execs Perl with the full name of the script and whatever arguments it was
>passed.  Have users call the wrapper instead, and put the script
>elsewhere.

Has anyone written a perl script that generates a perl program file which is
its own program, man page, and setuid C wrapper yet?

:-)

--
     ____/     /     /     __  /    _  _/    ____/
    /         /     /     /   /      /     /          Chris Sherman
   /         ___   /        _/      /          /



Sun, 03 Apr 1994 11:36:30 GMT  
 
 [ 5 post ] 

 Relevant Pages 

1. DBI and DBD::Informix - LD_LIBRARY_PATH does not work with suid perl script

2. run suid perl scripts

3. Question on suid perl

4. SUID Perl and the passwd program

5. suid perl scripts fail

6. SUID Perl scripts

7. suid perl scripts

8. suid perl

9. Suid perl scripts

10. SUID perl on RH6 with ps

11. aix suid perl problem

12. SUID perl script...

 

 
Powered by phpBB® Forum Software