Setuid problems with perl 5.8.4?

Discussion in 'Perl Misc' started by Roy Smith, Jun 3, 2004.

  1. Roy Smith

    Roy Smith Guest

    I've got a perl script that runs setuid root. It used to run just fine
    under perl 5.00503 (on RedHat 6.1 linux).

    I recently upgraded to perl 5.8.4 and now it's behaving as if it were
    not setuid. It doesn't print any errors, but acts as if it were not
    setuid. Has anything changed between those two versions which might
    affect setuid behavior?
     
    Roy Smith, Jun 3, 2004
    #1
    1. Advertising

  2. On Wed, 02 Jun 2004 21:20:14 -0400, Roy Smith <> wrote:
    > I've got a perl script that runs setuid root. It used to run just fine
    > under perl 5.00503 (on RedHat 6.1 linux).
    >
    > I recently upgraded to perl 5.8.4 and now it's behaving as if it were
    > not setuid. It doesn't print any errors, but acts as if it were not
    > setuid. Has anything changed between those two versions which might
    > affect setuid behavior?


    Due to security concerns, suidperl for recent Perl versions is not suid by
    default, but you could likely make it so if you understand the risks (and
    perldoc perlsec). Or you could use an suid binary (like C) wrapper to run
    that particular script.

    Of course running anything suid will not run directly under apache suexec,
    due to its safeguards (but could work indirectly).

    --
    David Efflandt - All spam ignored http://www.de-srv.com/
     
    David Efflandt, Jun 3, 2004
    #2
    1. Advertising

  3. Roy Smith

    Ben Morrow Guest

    Quoth (David Efflandt):
    > On Wed, 02 Jun 2004 21:20:14 -0400, Roy Smith <> wrote:
    > > I've got a perl script that runs setuid root. It used to run just fine
    > > under perl 5.00503 (on RedHat 6.1 linux).
    > >
    > > I recently upgraded to perl 5.8.4 and now it's behaving as if it were
    > > not setuid. It doesn't print any errors, but acts as if it were not
    > > setuid. Has anything changed between those two versions which might
    > > affect setuid behavior?

    >
    > Due to security concerns, suidperl for recent Perl versions is not suid by
    > default, but you could likely make it so if you understand the risks (and
    > perldoc perlsec). Or you could use an suid binary (like C) wrapper to run
    > that particular script.
    >
    > Of course running anything suid will not run directly under apache suexec,
    > due to its safeguards (but could work indirectly).


    Surely under modern systems with safe setid scripts (i.e. with /dev/fd)
    suidperl doesn't come into it any more?

    $ su
    # cat > suid
    #!/usr/bin/perl

    print $<, ',', $>, "\n";
    ^D
    # chmod 4755 suid
    # ^D
    $ ./suid
    1000,0
    $

    OTOH, if your script *does* use suidperl, then you can simply change it
    to using ordinary perl instead. As I understand (but I am certainly no
    expert) this is safer than having a setid suidperl executable.

    Ben

    --
    Like all men in Babylon I have been a proconsul; like all, a slave ... During
    one lunar year, I have been declared invisible; I shrieked and was not heard,
    I stole my bread and was not decapitated.
    ~ ~ Jorge Luis Borges, 'The Babylon Lottery'
     
    Ben Morrow, Jun 4, 2004
    #3
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Michael Lubavin
    Replies:
    1
    Views:
    3,092
    Steve Grazzini
    Jul 25, 2003
  2. danpres2k
    Replies:
    0
    Views:
    1,491
    danpres2k
    Aug 13, 2003
  3. Perl with setuid enabled

    , Nov 6, 2006, in forum: Perl Misc
    Replies:
    3
    Views:
    569
    Peter J. Holzer
    Nov 11, 2006
  4. Larry W. Virden

    Perl IPC::open use in a setuid program

    Larry W. Virden, Dec 1, 2008, in forum: Perl Misc
    Replies:
    2
    Views:
    225
    Tad J McClellan
    Dec 1, 2008
  5. PerlFAQ Server
    Replies:
    0
    Views:
    107
    PerlFAQ Server
    Apr 7, 2011
Loading...

Share This Page