suidperl to useradd can not exec ........

Discussion in 'Perl Misc' started by Archie邱, Mar 9, 2006.

  1. #!/usr/bin/suidperl -wT
    use CGI;
    $ENV{'PATH'} = '/bin:/usr/bin';
    delete @ENV{'IFS', 'CDPATH', 'ENV', 'BASH_ENV'};
    $path = $ENV{'PATH'};

    $q = new CGI;
    print $q->header(-charset=>'big5');
    print $q->start_html(-title=>'setup new user');
    system("/usr/sbin/useradd -c 'tester user' 'tester' ");

    print $q->h2("test ok !!");

    ==> I want to useradd by suidperl but it not work why ?
     
    Archie邱, Mar 9, 2006
    #1
    1. Advertising

  2. Archie邱

    Anno Siegel Guest

    Archieé ± <> wrote in comp.lang.perl.misc:
    > #!/usr/bin/suidperl -wT


    As I remember you don't call suidperl yourself. The perl binary
    calls it in its own stead under certain conditions. Look it up
    in perlsec.

    > use CGI;
    > $ENV{'PATH'} = '/bin:/usr/bin';
    > delete @ENV{'IFS', 'CDPATH', 'ENV', 'BASH_ENV'};
    > $path = $ENV{'PATH'};
    >
    > $q = new CGI;
    > print $q->header(-charset=>'big5');
    > print $q->start_html(-title=>'setup new user');
    > system("/usr/sbin/useradd -c 'tester user' 'tester' ");
    >
    > print $q->h2("test ok !!");
    >
    > ==> I want to useradd by suidperl but it not work why ?


    Is the CGI script setuid to root? It would have to be.

    Are your aware that everyone who can access (run) that script can add
    users to your system?

    Anno
    --
    If you want to post a followup via groups.google.com, don't use
    the broken "Reply" link at the bottom of the article. Click on
    "show options" at the top of the article, then click on the
    "Reply" at the bottom of the article headers.
     
    Anno Siegel, Mar 9, 2006
    #2
    1. Advertising

  3. just for test suidperl ....
    it can not work .....
    Is the CGI script setuid to root? It would have to be. ... but it not
    work .....



    $ more reboot.pl
    #!/usr/bin/suidperl -T
    $ENV{BASH_ENV} = '/sbin';
    $ENV{'PATH'} = '/sbin:/usr/bin';
    `/bin/sync;/bin/sync;/sbin/reboot`
    $
    $
    $ ls -l /usr/bin/suidperl
    -rws--x--x 2 root root 257938 10??15 2003
    /usr/bin/suidperl
    $ /usr/bin/suidperl -v
    $
    This is perl, v5.8.1 built for i386-linux-thread-multi

    Copyright 1987-2003, Larry Wall

    Perl may be copied only under the terms of either the Artistic License
    or the
    GNU General Public License, which may be found in the Perl 5 source
    kit.

    Complete documentation for Perl, including FAQ lists, should be found
    on
    this system using `man perl' or `perldoc perl'. If you have access to
    the
    Internet, point your browser at http://www.perl.com/, the Perl Home
    Page.
    $
    $
    ls -l reboot.pl
    -rwsr-xr-x 1 root root 118 3?? 9 19:05 reboot.pl
    $
    $ ./reboot.pl
    reboot: must be superuser.
    $
     
    Archie邱, Mar 9, 2006
    #3
  4. Archie邱

    Joe Smith Guest

    Archie邱 wrote:
    > just for test suidperl ....
    > it can not work .....
    > Is the CGI script setuid to root? It would have to be. ... but it not
    > work .....


    It appears that English is not your primary language.
    I'll keep it short and blunt.

    > $ more reboot.pl
    > #!/usr/bin/suidperl -T


    No. Don't do that. Change 'suidperl' to 'perl' on the first line.

    #!/usr/bin/perl -T
    $ENV{PATH}='/sbin:/bin:/usr/sbin:/usr/bin';
    print "$0 \$<=$< \$>=$> \$(='$(' \$)='$)'\n";
    print grep /perl/,`/bin/ps ax`;

    The system will automatically run suidperl on your script.
    Use 'perl' not 'suidperl' to get the right behavior.
    -Joe
     
    Joe Smith, Mar 10, 2006
    #4
  5. thanks !
     
    Archie邱, Mar 10, 2006
    #5
  6. Archie邱

    Dr.Ruud Guest

    Archie? schreef:
    > thanks !


    How handy, now we can just say
    <news:>
    when we want to say "thanks !".

    --
    Affijn, Ruud

    "Gewoon is een tijger."
     
    Dr.Ruud, Mar 10, 2006
    #6
  7. Dr.Ruud <> wrote:
    > Archie? schreef:
    >> thanks !

    >
    > How handy, now we can just say
    ><news:>
    > when we want to say "thanks !".



    Reuse is good.

    Now if the response should ever need to be changed, we can
    change it in just one place instead of all over Usenet,
    making for a more robust and maintainable group.


    --
    Tad McClellan SGML consulting
    Perl programming
    Fort Worth, Texas
     
    Tad McClellan, Mar 10, 2006
    #7
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Ravi

    How to install SUIDPERL

    Ravi, Apr 12, 2004, in forum: Perl
    Replies:
    0
    Views:
    983
  2. Skeleton Man

    suidperl and libperl.so

    Skeleton Man, Jul 1, 2004, in forum: Perl
    Replies:
    0
    Views:
    672
    Skeleton Man
    Jul 1, 2004
  3. ThERiZla
    Replies:
    0
    Views:
    219
    ThERiZla
    Dec 17, 2003
  4. Archie邱
    Replies:
    0
    Views:
    160
    Archie邱
    Mar 9, 2006
  5. Archie邱
    Replies:
    1
    Views:
    132
    A. Sinan Unur
    Mar 9, 2006
Loading...

Share This Page