trouble writing a setuid script

Discussion in 'Perl Misc' started by Peter Michaux, Aug 30, 2008.

  1. Hi,

    I'm trying to write a setuid script and can't make it happen. I've
    trimmed it down to the very simple example below trying to have a
    logger.pl script add a message to a log file. This is my Bash
    transcript with all the pertinent details.

    $ ls -Al
    total 8
    -rw-r--r-- 1 root wheel 0 29 Aug 23:52 log
    -rwsr-xr-x 1 root wheel 145 29 Aug 23:52 logger.pl*
    $ cat log
    $ cat logger.pl
    #!/usr/bin/perl -w

    use strict;
    use warnings;

    my $FILE;
    open(FILE, ">> log") or die "couldn't open: ";
    print(FILE "hello, world");
    close(FILE);
    $ whoami
    peter
    $ ./logger.pl
    couldn't open: at ./logger.pl line 7.
    $ sudo ./logger.pl
    Password:
    $ cat log
    hello, world

    So the script works when I "sudo" but not when the script runs as my
    normal "peter" user.

    Any ideas why it doesn't work and what I need to change?

    (I don't run into any errors when writing the same program in C.)

    Thanks,
    Peter
     
    Peter Michaux, Aug 30, 2008
    #1

  2. magloca Guest

    Peter Michaux @ Saturday 30 August 2008 09:07:

    > Hi,
    >
    > I'm trying to write a setuid script and can't make it happen. I've
    > trimmed it down to the very simple example below trying to have a
    > logger.pl script add a message to a log file. This is my Bash
    > transcript with all the pertinent details.

    [code snipped]
    > (I don't run into any errors when writing the same program in C.)


    Yeah, I tried to do something like that once, too. Turned out the setuid
    flag is ignored on scripts; it's only allowed on (binary) executables.
    So that's also why your compiled C program works.

    m.
     
    magloca, Aug 30, 2008
    #2

  3. On Aug 30, 1:20 am, magloca <> wrote:
    > Peter Michaux @ Saturday 30 August 2008 09:07:
    >
    > > Hi,
    > >
    > > I'm trying to write a setuid script and can't make it happen. I've
    > > trimmed it down to the very simple example below trying to have a
    > > logger.pl script add a message to a log file. This is my Bash
    > > transcript with all the pertinent details.
    >
    > [code snipped]
    > > (I don't run into any errors when writing the same program in C.)
    >
    > Yeah, I tried to do something like that once, too. Turned out the setuid
    > flag is ignored on scripts; it's only allowed on (binary) executables.
    > So that's also why your compiled C program works.


    It seems it must be possible to write a setuid script because there is
    a lot of fuss about it in "perldoc perlsec" which is also part of the
    camel book.

    Peter
     
    Peter Michaux, Aug 30, 2008
    #3
  4. Peter Michaux <> writes:

    > It seems it must be possible to write a setuid script because there is
    > a lot of fuss about it in "perldoc perlsec" which is also part of the
    > camel book.


    It's possible, but IIRC "most" linux systems ignore suid bits on
    scripts. Not sure about other *nixes.

    --
    Joost Diepenmaat | blog: http://joost.zeekat.nl/ | work: http://zeekat.nl/
     
    Joost Diepenmaat, Aug 30, 2008
    #4
  5. Grant Guest

    On Sat, 30 Aug 2008 05:58:30 -0700 (PDT), Peter Michaux <> wrote:

    >On Aug 30, 1:20 am, magloca <> wrote:
    >> Peter Michaux @ Saturday 30 August 2008 09:07:
    >>
    >> > Hi,
    >> >
    >> > I'm trying to write a setuid script and can't make it happen. I've
    >> > trimmed it down to the very simple example below trying to have a
    >> > logger.pl script add a message to a log file. This is my Bash
    >> > transcript with all the pertinent details.
    >>
    >> [code snipped]
    >> > (I don't run into any errors when writing the same program in C.)
    >>
    >> Yeah, I tried to do something like that once, too. Turned out the setuid
    >> flag is ignored on scripts; it's only allowed on (binary) executables.
    >> So that's also why your compiled C program works.
    >
    >It seems it must be possible to write a setuid script because there is
    >a lot of fuss about it in "perldoc perlsec" which is also part of the
    >camel book.

    Just add a C wrapper to call the script, something like:

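    #!/bin/bash
    # Build a setuid C wrapper ($1.cgi) that execs the script named in $1.
    set -x
    rm -f "$1.c"
    rm -f "../$1.cgi"
    rm -f "$1.cgi"

    # Generate the wrapper source; $PWD and $1 are expanded by the shell here.
    echo "#include <stdio.h>
    #include <unistd.h>
    int main (void) {
    /* exec the script by absolute path; execl only returns on failure */
    execl (\"$PWD/$1\", \"$1\", (char *)0 );
    printf(\"Content-type: text/plain\\n\\n\");
    printf(\"$1.cgi: fatal - failed to start $1, wait, then refresh.\\n\");
    return 1;
    }
    " > "$1.c"

    # Compile, strip, mark setuid (mode 04555) and install one directory up.
    gcc "$1.c" -o "$1.cgi"
    strip -s "$1.cgi"
    chmod 04555 "$1.cgi"
    mv "$1.cgi" ../
    rm -f "$1.c"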

    Grant.
    --
    http://bugsplatter.id.au/
     
    Grant, Aug 30, 2008
    #5
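
Added example, not part of Grant's post or of the original thread: a variant of the C wrapper approach above that fixes the interpreter and script paths at compile time, replaces the caller's environment, and checks the script's ownership and mode before exec. The paths `/usr/bin/perl` and `/usr/local/libexec/logger.pl` and the helper name `target_is_trustworthy` are assumptions for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Assumed locations: fixed at compile time, never taken from argv or env. */
#define PERL_PATH   "/usr/bin/perl"
#define SCRIPT_PATH "/usr/local/libexec/logger.pl"

/* Minimal environment handed to the script; the caller's is discarded. */
static char *const CLEAN_ENV[] = { "PATH=/usr/bin:/bin", NULL };

/* Return 1 only for a regular file owned by `owner` that group and
 * others cannot modify; anything else could be edited by a less
 * privileged user and then run with the wrapper's privileges. */
int target_is_trustworthy(const struct stat *st, uid_t owner)
{
    if (!S_ISREG(st->st_mode))
        return 0;
    if (st->st_uid != owner)
        return 0;
    if (st->st_mode & (S_IWGRP | S_IWOTH))
        return 0;
    return 1;
}

int main(void)
{
    struct stat st;

    /* Deployment sanity check; the parent directories must be equally
     * locked down, since this does not guard against a writable path. */
    if (stat(SCRIPT_PATH, &st) != 0 ||
        !target_is_trustworthy(&st, geteuid())) {
        fprintf(stderr, "wrapper: refusing to run %s\n", SCRIPT_PATH);
        return 1;
    }

    /* -T forces Perl taint mode; no caller-supplied arguments are passed. */
    execle(PERL_PATH, "perl", "-T", SCRIPT_PATH, (char *)NULL, CLEAN_ENV);
    perror("wrapper: execle");   /* reached only if exec failed */
    return 1;
}
```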
  6. Peter Michaux <> wrote:
    >It seems it must be possible to write a setuid script [...]


    Yes, it is. The question is, if your _OS_ will execute scripts as SUID or
    not. This applies to any script, not just scripts written in Perl.

    jue
     
    Jürgen Exner, Aug 30, 2008
    #6