how to change the effective UID

[Daneel Yaitskov]

Hi,


I can't change the EUID of a perl process which performs a perl script.
I used the manual perlsec and wrote the script:

#!/usr/bin/perl
use English;

$EUID = 0;
open(THEFILE, ">/var/log/messages") || die "can't open file";
print "The file was opened\n";
#end of the script

The script file has the rights:
$chown root:root test.pl
$chmod a+xs test.pl
The script gives the error "can't open file"


Daneel

 

[Leon Timmermans]

Hi,


I can't change the EUID of a perl process which performs a perl script.
I used the manual perlsec and wrote the script:

#!/usr/bin/perl
use English;

$EUID = 0;

After setting $EUID, you should always check $! (also known as $ERRNO
when using English) for errors. What does it say?

open(THEFILE, ">/var/log/messages") || die "can't open file"; print "The
file was opened\n";

Here again, you should always include $! in the error string. It will
tell you why it couldn open the file.

Regards,

Leon Timmermans

 

[Daneel Yaitskov]

After setting $EUID, you should always check $! (also known as $ERRNO
when using English) for errors. What does it say?


Here again, you should always include $! in the error string. It will
tell you why it couldn open the file.

Regards,

Leon Timmermans

I have inserted the line "print "Result: $!\n";" after the line "$EUID =
0;". Trace command has printed "Operation not permitted".

What is CLPM?

 

[Daneel Yaitskov]

In that case the problem seems to be that you're not running as root.

Ho! The suid flag exists that a process with the normal rights could
take the super rights.

In short, I have taken luck. The perl printed the notice, suid isn't
supported, to me when I had seted the suid to $(which perl). It offered
the following variants:

1) to use a wrap in C
2) to start the perl with the -u option (dump) and then to generate the
true program from the dump with help the undump program.


Daneel

 

[Daneel Yaitskov]

Many operating systems don't allow setuid scripts for security
reasons. Have you tried checking the value of $< to see if you're
*really* running as root? Have you tried running your script with sudo
or su, to see if it behaves correctly that way?

sherm--

The script works good with the super rights. I found a solve of the
problem. See my answer to Leon Timmermans above.

Daneel

 

[Ben Morrow]

Ho! The suid flag exists that a process with the normal rights could
take the super rights.

In short, I have taken luck. The perl printed the notice, suid isn't
supported, to me when I had seted the suid to $(which perl). It offered
the following variants:

Yow! *DON'T* make /usr/bin/perl set-uid. That would be a major security
problem.

Are you sure you ought to be writing programs which run setid? I think
you should learn a little more about writing secure systems before you
start randomly making things setuid root.

1) to use a wrap in C
2) to start the perl with the -u option (dump) and then to generate the
true program from the dump with help the undump program.

If your system doesn't support setid scripts (because of a long-standing
kernel security hole), you can use suidperl to emulate them. But, again,
you *really* need to better understand the security implications of what
you are doing before you try this.

Ben

 

[Dominique Dumont]

I can't change the EUID of a perl process which performs a perl script.
I used the manual perlsec and wrote the script:

#!/usr/bin/perl
use English;

$EUID = 0;
open(THEFILE, ">/var/log/messages") || die "can't open file";

Eek

Why do you want to clobber logs not related to your program ?

Why don't you use logger (or the Perl module equivalent) to send logs?