suidperl to useradd can not exec ........

[Archie邱]

#!/usr/bin/suidperl -wT
use CGI;
$ENV{'PATH'} = '/bin:/usr/bin';
delete @ENV{'IFS', 'CDPATH', 'ENV', 'BASH_ENV'};
$path = $ENV{'PATH'};

$q = new CGI;
print $q->header(-charset=>'big5');
print $q->start_html(-title=>'setup new user');
system("/usr/sbin/useradd -c 'tester user' 'tester' ");

print $q->h2("test ok !!");

==> I want to useradd by suidperl but it not work why ?

 

[Anno Siegel]

#!/usr/bin/suidperl -wT

As I remember you don't call suidperl yourself. The perl binary
calls it in its own stead under certain conditions. Look it up
in perlsec.

use CGI;
$ENV{'PATH'} = '/bin:/usr/bin';
delete @ENV{'IFS', 'CDPATH', 'ENV', 'BASH_ENV'};
$path = $ENV{'PATH'};

$q = new CGI;
print $q->header(-charset=>'big5');
print $q->start_html(-title=>'setup new user');
system("/usr/sbin/useradd -c 'tester user' 'tester' ");

print $q->h2("test ok !!");

==> I want to useradd by suidperl but it not work why ?

Is the CGI script setuid to root? It would have to be.

Are your aware that everyone who can access (run) that script can add
users to your system?

Anno

 

[Archie邱]

just for test suidperl ....
it can not work .....
Is the CGI script setuid to root? It would have to be. ... but it not
work .....



$ more reboot.pl
#!/usr/bin/suidperl -T
$ENV{BASH_ENV} = '/sbin';
$ENV{'PATH'} = '/sbin:/usr/bin';
`/bin/sync;/bin/sync;/sbin/reboot`
$
$
$ ls -l /usr/bin/suidperl
-rws--x--x 2 root root 257938 10??15 2003
/usr/bin/suidperl
$ /usr/bin/suidperl -v
$
This is perl, v5.8.1 built for i386-linux-thread-multi

Copyright 1987-2003, Larry Wall

Perl may be copied only under the terms of either the Artistic License
or the
GNU General Public License, which may be found in the Perl 5 source
kit.

Complete documentation for Perl, including FAQ lists, should be found
on
this system using `man perl' or `perldoc perl'. If you have access to
the
Internet, point your browser at http://www.perl.com/, the Perl Home
Page.
$
$
ls -l reboot.pl
-rwsr-xr-x 1 root root 118 3?? 9 19:05 reboot.pl
$
$ ./reboot.pl
reboot: must be superuser.
$

 

[Joe Smith]

just for test suidperl ....
it can not work .....
Is the CGI script setuid to root? It would have to be. ... but it not
work .....

It appears that English is not your primary language.
I'll keep it short and blunt.

$ more reboot.pl
#!/usr/bin/suidperl -T

No. Don't do that. Change 'suidperl' to 'perl' on the first line.

#!/usr/bin/perl -T
$ENV{PATH}='/sbin:/bin:/usr/sbin:/usr/bin';
print "$0 \$<=$< \$>=$> \$(='$(' \$)='$)'\n";
print grep /perl/,`/bin/ps ax`;

The system will automatically run suidperl on your script.
Use 'perl' not 'suidperl' to get the right behavior.
-Joe

 

[Archie邱]

thanks !

 

[Dr.Ruud]

Archie? schreef:

thanks !

How handy, now we can just say
<when we want to say "thanks !".

 

[Tad McClellan]

Archie? schreef:

How handy, now we can just say
<when we want to say "thanks !".

Reuse is good.

Now if the response should ever need to be changed, we can
change it in just one place instead of all over Usenet,
making for a more robust and maintainable group.