Messing with UID's and GID's

Discussion in 'Perl Misc' started by Dave Ardrey, Jun 30, 2003.

  1. Dave Ardrey

    Dave Ardrey Guest

    I am trying to write a program that will write to a log file every
    time it is called. However, I don't want everyone to have write
    access to the log file, so I made the log file have the same owner as
    the script and set the permissions on the script to 6755 (setting the
    uid and gid bits).

    The problem is that when the permissions are set and I'm running as a
    different user, it doesn't like doing system calls (gives me an error).
    So I set the effective uid and gid to be the real uid and gid until I
    need them to be different but now when I try and do a system call I
    get this error:

    Insecure $ENV{PATH} while running with -T switch at /dev/fd/3 line
    102.


    Any ideas what can be done about this? I know it's probably just as
    much of a UNIX question as a perl one. I hope that's ok.

    Thanks for your help.
    Dave Ardrey, Jun 30, 2003
    #1

  2. Dave Ardrey

    Greg Bacon Guest

    Dave Ardrey wrote:

    : [...]
    :
    : The problem is that when the permissions are set and I'm running as a
    : different user, it doesn't like doing system calls (gives me an error).
    : So I set the effective uid and gid to be the real uid and gid until I
    : need them to be different but now when I try and do a system call I
    : get this error:
    :
    : Insecure $ENV{PATH} while running with -T switch at /dev/fd/3 line
    : 102.

    Right. When perl sees that it's running setuid, it goes into taint
    mode. See the perlsec manpage for the full details.

    The quick fix is to follow this advice from the perlrun manpage:

    $ENV{PATH} = '/bin:/usr/bin'; # or whatever you need
    $ENV{SHELL} = '/bin/sh' if exists $ENV{SHELL};
    delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};

    I *strongly* encourage you to read the perlsec manpage if you're
    planning to write and run setuid Perl programs.

    : Any ideas what can be done about this? I know it's probably just as
    : much of a UNIX question as a perl one. I hope that's ok.

    Why not follow the syslog model, i.e., have another program listen
    at some rendezvous point such as a named pipe or socket (either Unix
    or network domain) for log entries? That way, you don't have to bother
    with setuid games: the logging process would run as the owner of the
    log file.

    Greg
    --
    WARNING: Do NOT calculate Pi in binary. It is conjectured that this number
    is normal, meaning that it contains ALL finite bit strings. [...] Some of
    the files on my PC are intensely personal, and I for one don't want you
    snooping through a copy of them. -- Keith F. Lynch in comp.risks
    Greg Bacon, Jun 30, 2003
    #2
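
The syslog-style design suggested in the reply above, as an added example that is not code from either poster: a small daemon run by the log file's owner receives entries on a Unix-domain datagram socket, and the client script sends to it with no setuid bit. The socket and log paths and the sub names (`format_entry`, `serve`, `send_entry`) are assumptions made for this sketch.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use IO::Socket::UNIX;
use Socket qw(SOCK_DGRAM);
use POSIX qw(strftime);

# Hypothetical paths; the directories must already exist and belong to the
# account that runs "serve" (the owner of the log file).
my $SOCK = '/var/run/applog/applog.sock';
my $LOG  = '/var/log/applog/app.log';

# Turn one received datagram into one log line. Bytes outside printable
# ASCII (newlines included) become '?', so a client cannot forge extra entries.
sub format_entry {
    my ($msg) = @_;
    $msg =~ s/[^\x20-\x7e]/?/g;
    return strftime('%Y-%m-%d %H:%M:%S', localtime) . " $msg\n";
}

# Daemon side: runs as the log owner, so nothing needs the setuid bit.
sub serve {
    unlink $SOCK;                       # remove a stale socket from an earlier run
    my $old = umask 0111;               # socket mode 0666: any local user may send
    my $srv = IO::Socket::UNIX->new(Type => SOCK_DGRAM, Local => $SOCK)
        or die "bind $SOCK: $!";
    umask 0077;                         # log file mode 0600: owner only
    open my $fh, '>>', $LOG or die "open $LOG: $!";
    umask $old;
    $fh->autoflush(1);
    my $msg;
    while (defined $srv->recv($msg, 1024)) {    # one datagram = one entry, capped at 1024 bytes
        print {$fh} format_entry($msg);
    }
}

# Client side: what the formerly setuid script calls instead of opening the log.
sub send_entry {
    my ($text) = @_;
    my $c = IO::Socket::UNIX->new(Type => SOCK_DGRAM, Peer => $SOCK)
        or die "connect $SOCK: $!";
    defined $c->send($text) or die "send: $!";
    return 1;
}

if    (@ARGV && $ARGV[0] eq 'serve') { serve() }
elsif (@ARGV)                        { send_entry("@ARGV") }
else  { die "usage: $0 serve | $0 <log text>\n" }
```

Because the daemon treats every datagram as untrusted input, it keeps a fixed size cap and character filter; the log file itself stays mode 0600 and is never opened by the calling user.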
