trouble writing a setuid script

Peter Michaux

Hi,

I'm trying to write a setuid script and can't make it happen. I've
trimmed it down to the very simple example below trying to have a
logger.pl script add a message to a log file. This is my Bash
transcript with all the pertinent details.

$ ls -Al
total 8
-rw-r--r-- 1 root wheel 0 29 Aug 23:52 log
-rwsr-xr-x 1 root wheel 145 29 Aug 23:52 logger.pl*
$ cat log
$ cat logger.pl
#!/usr/bin/perl -w

use strict;
use warnings;

my $FILE;
open(FILE, ">> log") or die "couldn't open: ";
print(FILE "hello, world");
close(FILE);
$ whoami
peter
$ ./logger.pl
couldn't open: at ./logger.pl line 7.
$ sudo ./logger.pl
Password:
$ cat log
hello, world

So the script works when I "sudo" but not when the script runs as my
normal "peter" user.

Any ideas why it doesn't work and what I need to change?

(I don't run into any errors when writing the same program in C.)

Thanks,
Peter
 
magloca

Peter Michaux @ Saturday 30 August 2008 09:07:
> Hi,
>
> I'm trying to write a setuid script and can't make it happen. I've
> trimmed it down to the very simple example below trying to have a
> logger.pl script add a message to a log file. This is my Bash
> transcript with all the pertinent details. [code snipped]
> (I don't run into any errors when writing the same program in C.)

Yeah, I tried to do something like that once, too. Turned out the setuid
flag is ignored on scripts; it's only allowed on (binary) executables.
So that's also why your compiled C program works.

m.
 
Peter Michaux

> Peter Michaux @ Saturday 30 August 2008 09:07:
>> I'm trying to write a setuid script and can't make it happen. I've
>> trimmed it down to the very simple example below trying to have a
>> logger.pl script add a message to a log file. This is my Bash
>> transcript with all the pertinent details. [code snipped]
>> (I don't run into any errors when writing the same program in C.)
>
> Yeah, I tried to do something like that once, too. Turned out the setuid
> flag is ignored on scripts; it's only allowed on (binary) executables.
> So that's also why your compiled C program works.

It seems it must be possible to write a setuid script because there is
a lot of fuss about it in "perldoc perlsec" which is also part of the
camel book.

Peter
 
Joost Diepenmaat

Peter Michaux said:
> It seems it must be possible to write a setuid script because there is
> a lot of fuss about it in "perldoc perlsec" which is also part of the
> camel book.

It's possible, but IIRC "most" linux systems ignore suid bits on
scripts. Not sure about other *nixes.
 
Grant

>> Peter Michaux @ Saturday 30 August 2008 09:07:
>>> I'm trying to write a setuid script and can't make it happen. I've
>>> trimmed it down to the very simple example below trying to have a
>>> logger.pl script add a message to a log file. This is my Bash
>>> transcript with all the pertinent details. [code snipped]
>>> (I don't run into any errors when writing the same program in C.)
>>
>> Yeah, I tried to do something like that once, too. Turned out the setuid
>> flag is ignored on scripts; it's only allowed on (binary) executables.
>> So that's also why your compiled C program works.
>
> It seems it must be possible to write a setuid script because there is
> a lot of fuss about it in "perldoc perlsec" which is also part of the
> camel book.

Just add a C wrapper to call the script, something like:

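#!/bin/bash
# Build a setuid C wrapper ($1.cgi) that execs the script named in $1.
set -x
rm -f "$1.c"
rm -f "../$1.cgi"
rm -f "$1.cgi"

echo "#include <stdio.h>
#include <unistd.h>
int main (void) {
execl (\"$PWD/$1\", \"$1\", (char *)0 );
/* Only reached if execl fails. */
printf(\"Content-type: text/plain\\n\\n\");
printf(\"$1.cgi: fatal - failed to start $1, wait, then refresh.\\n\");
return 1;
}
" > "$1.c"

gcc "$1.c" -o "$1.cgi"
strip -s "$1.cgi"
chmod 04555 "$1.cgi"
mv "$1.cgi" ../
rm -f "$1.c"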

Grant.
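
A more defensive form of the wrapper idea above, as an added example that is not part of the original thread: it runs one fixed absolute path with a fixed argv and a minimal environment, and refuses a target that is not a regular file owned by the wrapper's effective user or that group or others can write. The path `/usr/local/libexec/logger.pl` and the helper name `target_is_safe` are assumptions made for the example.

```c
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Assumed install location of the script (placeholder, not from the thread). */
#define TARGET "/usr/local/libexec/logger.pl"

/* The only environment handed to the script: nothing inherited from the caller. */
static char *const CLEAN_ENV[] = { "PATH=/usr/bin:/bin", NULL };

/* 1 if path is a regular file (not a symlink) owned by `owner` and
 * not writable by group or others; 0 otherwise. */
int target_is_safe(const char *path, uid_t owner)
{
    struct stat st;

    if (lstat(path, &st) != 0)
        return 0;
    if (!S_ISREG(st.st_mode))
        return 0;
    if (st.st_uid != owner)
        return 0;
    if (st.st_mode & (S_IWGRP | S_IWOTH))
        return 0;
    return 1;
}

int main(void)
{
    /* Fixed argv: nothing from the command line reaches the script. */
    char *const argv[] = { "logger.pl", NULL };

    /* When installed setuid, geteuid() is the file's owner (e.g. root).
     * The directories above TARGET must also be writable only by that
     * owner, or the file could be swapped between this check and execve. */
    if (!target_is_safe(TARGET, geteuid())) {
        fprintf(stderr, "wrapper: refusing to run %s\n", TARGET);
        return 1;
    }
    execve(TARGET, argv, CLEAN_ENV);
    perror("execve"); /* only reached if execve failed */
    return 1;
}
```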
 
Jürgen Exner

Peter Michaux said:
> It seems it must be possible to write a setuid script [...]

Yes, it is. The question is, if your _OS_ will execute scripts as SUID or
not. This applies to any script, not just scripts written in Perl.

jue
 
