DBI and DBD::Informix - LD_LIBRARY_PATH does not work with suid perl script 
Author Message
 DBI and DBD::Informix - LD_LIBRARY_PATH does not work with suid perl script

I am trying to suid a Perl script that uses the DBI and DBD:Informix
modules.  This setup uses  some Informix dynamic libraries normally
located by the system via the LD_LIBRARY_PATH environment variable.

It looks like the suid script will NOT use LD_LIBRARY_PATH.  The script
will run fine before suid and when I copy the Informix libraries to
/usr/lib.

Is this by design?  If so, any suggestion on how to get around it?

My evironment is:

Solaris X86 2.6, Perl5.004_04, DBI-0.93, DBD-Informix-0.58

--
    Geraldo Veiga                               (908)576-5777
    AT&T Labs
    Room 3E-203  - 307 Middletown-Lincroft Rd.
    Lincroft, NJ 07738



Sat, 16 Sep 2000 03:00:00 GMT  
 DBI and DBD::Informix - LD_LIBRARY_PATH does not work with suid perl script

Quote:

>I am trying to suid a Perl script that uses the DBI and DBD:Informix
>modules.  This setup uses  some Informix dynamic libraries normally
>located by the system via the LD_LIBRARY_PATH environment variable.
>It looks like the suid script will NOT use LD_LIBRARY_PATH.  The script
>will run fine before suid and when I copy the Informix libraries to
>/usr/lib.
>Is this by design?  If so, any suggestion on how to get around it?

Yes, this is by design. I think you could work around this problem by
applying the patch below to the DBD-Informix Makefile.PL and rebuilding
it. It puts the path to the Informix libraries into the perl libraries, thus
not needing LD_LIBRARY_PATH (this works form me at least for non-suid
programs, I did not verify if it does work with suid-programs).

(The first part of the patch is not needed, it is just for those poor
schmucks like me who like to make packages from their perl modules and so
have an installation directory different from the _real_ install directory
in which it gets installed with pkgadd (or with depot if you happen to use
it)

Hope this helps.

--Swen

diff -ur DBD-Informix-0.58.orig/Makefile.PL DBD-Informix-0.58/Makefile.PL
--- DBD-Informix-0.58.orig/Makefile.PL  Thu Jan 15 20:53:53 1998

 # Need to pick up the DBI headers.
 # Prior to DBI-0.77, the /auto sub-directory in $INC2 was not used.
-my $INC2 = "-I\$(INSTALLSITEARCH)/auto/DBI";
+my $INC2 = "-I\$(SITEARCHEXP)/auto/DBI";

 $opts{INC} .= " $INC1 $INC2";

 #                              !($vernum >= 722 && $Config{osname} eq 'dec_osf');
                # Override default version of $opts{LD}
                $opts{dynamic_lib} =
-                       { OTHERLDFLAGS => "-L$ID/lib -L$ID/lib/esql $libs"};
+                       { OTHERLDFLAGS => "-R$ID/lib -R$ID/lib/esql -L$ID/lib -L$ID/lib/esql $libs"};
                $opts{LD} = "$Config{ld} \$(LDDLFLAGS)";
                $opts{LD} .= " -exported_symbol ifx_checkAPI"
                        if ($vernum >= 722 && $Config{osname} eq 'dec_osf');



Sun, 17 Sep 2000 03:00:00 GMT  
 DBI and DBD::Informix - LD_LIBRARY_PATH does not work with suid perl script

Quote:

> I am trying to suid a Perl script that uses the DBI and DBD:Informix
> modules.  This setup uses  some Informix dynamic libraries normally
> located by the system via the LD_LIBRARY_PATH environment variable.

> It looks like the suid script will NOT use LD_LIBRARY_PATH.  The script
> will run fine before suid and when I copy the Informix libraries to
> /usr/lib.

> Is this by design?  If so, any suggestion on how to get around it?

Yes, this is by design in many of the modern Unix variants (including
Solaris that you are running).  You really don't want someone mucking
about with LD_LIBRARY_PATH and putting in their own *special* versions
of things like write().

The workaround is to add a -R/path/to/informix/lib to the final
linking of the .so file(s) or to make sure the env variable
LD_RUN_PATH is set to /path/to/informix/lib before the final linking
of the .so file.

DBD-Oracle already supplies the LD_RUN_PATH env variable by default,
so you might look at their solution (probably in the Makefile.PL) to
see if you can modify that to work with the Informix code.  (And then
send the patch to the DBD-Informix folks.)

Hope this helps.

--
-- Mark Osbourne      O-



Sun, 17 Sep 2000 03:00:00 GMT  
 
 [ 3 post ] 

 Relevant Pages 

1. SUID root perl script and wrapper : works with perl5 not with perl4

2. DBI/DBD connection works in shell, not httpd

3. Perl DBD::Informix BEGIN WORK WITHOUT REPLICATION

4. ANNOUNCE: Informix Database Driver for Perl (DBD::Informix) version 1.00.PC1 released

5. DBI-0.93 DBD-Informix-0.58 on SCO

6. DBD/DBI for informix on DEC 1000

7. DBD and DBI::Informix module on WinNT

8. DBI and DBD::Informix under NT 4.0

9. Killing a Query with DBI/DBD for Informix

10. DBI/DBD::Informix and retrieving BLOB data

11. Problem using DBI/DBD-Informix with Apache/mod_perl

12. DBI, DBD::Informix - column order using fetchrow_hashref

 

 
Powered by phpBB® Forum Software