Messing with UID's and GID's

Dave Ardrey

I am trying to write a program that will write to a log file every
time it is called. However, I don't want everyone to have write
access to the log file, so I made the log file have the same owner as
the script and set the permissions on the script to 6755 (setting the
uid and gid bits).

The problem is that when the permissions are set and I'm running as a
different user, it doesn't like doing system calls (gives me an error).
So I set the effective uid and gid to be the real uid and gid until I
need them to be different but now when I try and do a system call I
get this error:

Insecure $ENV{PATH} while running with -T switch at /dev/fd/3 line 102.


Any ideas what can be done about this? I know it's probably just as
much of a UNIX question as a perl one. I hope that's ok.

Thanks for your help.
 
Greg Bacon

: [...]
:
: The problem is that when the permissions are set and I'm running as a
: different user, it doesn't like doing system calls (gives me an error).
: So I set the effective uid and gid to be the real uid and gid until I
: need them to be different but now when I try and do a system call I
: get this error:
:
: Insecure $ENV{PATH} while running with -T switch at /dev/fd/3 line 102.

Right. When perl sees that it's running setuid, it goes into taint
mode. See the perlsec manpage for the full details.

The quick fix is to follow this advice from the perlrun manpage:

$ENV{PATH} = '/bin:/usr/bin'; # or whatever you need
$ENV{SHELL} = '/bin/sh' if exists $ENV{SHELL};
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};

I *strongly* encourage you to read the perlsec manpage if you're
planning to write and run setuid Perl programs.

: Any ideas what can be done about this? I know it's probably just as
: much of a UNIX question as a perl one. I hope that's ok.

Why not follow the syslog model, i.e., have another program listen
at some rendezvous point such as a named pipe or socket (either Unix
or network domain) for log entries? That way, you don't have to bother
with setuid games: the logging process would run as the owner of the
log file.

Greg
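
The syslog model suggested above, as an added example that is not part of either post: a daemon that owns the log file reads entries from a Unix-domain datagram socket, and clients send to it with no setuid bits involved. The socket and log paths, the function names and the sample entries are constructed for the demo, which runs daemon and client from one script.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Socket qw(SOCK_DGRAM);
use IO::Socket::UNIX;
use File::Temp qw(tempdir);
use POSIX qw(strftime _exit);

# Constructed demo paths; a real daemon would use fixed paths it owns.
my $dir = tempdir(CLEANUP => 1);
my ($sock_path, $log_path) = ("$dir/log.sock", "$dir/app.log");

# Daemon: bind the rendezvous socket. Mode 0666 lets any local user send.
sub open_listener {
    umask 0111;
    return IO::Socket::UNIX->new(Type => SOCK_DGRAM, Local => $sock_path)
        || die "bind $sock_path: $!";
}

# Daemon: the only process that ever opens the log file (mode 0600).
sub serve {
    my ($srv, $count) = @_;
    umask 0077;
    open my $fh, '>>', $log_path or die "open $log_path: $!";
    for (1 .. $count) {
        my $msg = '';
        defined $srv->recv($msg, 1024) or die "recv: $!";
        $msg = substr $msg, 0, 512;    # bound the entry size
        $msg =~ s/[^\x20-\x7e]/?/g;    # one datagram is one line: no CR/LF
        print {$fh} strftime('%Y-%m-%dT%H:%M:%S', localtime), " $msg\n";
    }
    close $fh or die "close $log_path: $!";
}

# Client: runs as the calling user, no setuid bits and no taint mode.
sub send_entry {
    my ($msg) = @_;
    my $c = IO::Socket::UNIX->new(Type => SOCK_DGRAM, Peer => $sock_path)
        or die "connect $sock_path: $!";
    defined $c->send($msg) or die "send: $!";
}

my $srv     = open_listener();    # bound before fork, so no startup race
my @entries = ("run by uid " . $<, "forged\n2038-01-01T00:00:00 fake entry");
my $pid     = fork() // die "fork: $!";
if ($pid == 0) { serve($srv, scalar @entries); _exit(0) }
send_entry($_) for @entries;
waitpid $pid, 0;
open my $in, '<', $log_path or die "open $log_path: $!";
print while <$in>;
```

The second sample entry carries an embedded newline; the daemon writes it as a single line with the newline replaced, so a client cannot forge an extra log record. The uid in the first entry is claimed by the client and is not verified by the daemon.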
 
