Why was suid support dropped in perl?

S

shrike

####
From the INSTALL file of 5.16:
suidperl was an optional component of earlier releases of perl. It is no
longer available. Instead, use a tool specifically designed to handle
changes in privileges, such as B<sudo>.
####

I imagine this has busted quite a few sysadmin tools across perls install base. Why the change?
 
R

Rainer Weikusat

####
From the INSTALL file of 5.16:
suidperl was an optional component of earlier releases of perl. It is no
longer available. Instead, use a tool specifically designed to handle
changes in privileges, such as B<sudo>.
####

I imagine this has busted quite a few sysadmin tools across perls
install base. Why the change?

I do not know who came up with the idea to install the perl
interpeter(!) as setuid-0 program because providing a functionally
equivalent facility in C is so dead easy: Just compile the program
below, install as 'setuid whatever you want to' and all other local
users will be able to execute arbitrary code with the desired
privilege level.

#include <unistd.h>

int main(int argc, char **argv)
{
setuid(geteuid());
execvp(argv[1], argv + 1);
return 0;
}
 
S

shrike

suidperl has had many security problems over the years, has not been

part of the default install for a long time, and has been explicitly

deprecated in INSTALL since at least 5.10.0. The design of suidperl

requires it to link all of the argument-parsing code of perl itself,

which is rather complicated and not something you want to link into a

vulnerable program if you can help it. In practice using sudo instead is

pretty-much never a problem.



Ben

It turns out I have run into such a problem: running a driver written in perl on a remote host via SSH. Either I turn off the tty requirement for sudoon the whole box, or I embed perl. I would much rather make a fifo, fork and seteuid() down to nobody to isolate privs.

In terms of making a redistributable package, if I touch sudo then I have to support sudo, and if I use a cheap wrapper, it looks kludgy. To embed I have to code in C, and frankly my C leaves something to be desired. Python does support suid I think, but I'm not adding more interpreters to my box.

Embedding perl is a pretty tall order just to get a monolithic redistributable out of the deal. Any other options?
 
S

shrike

Why not permit SSH to root using a key pair with a command restriction?

Since the command runs as root, there's no su-ing required.



This does have the risks associated with the program itself running as

root, but you'd have those anyway, right?



- Andrewq

Because then I would have to support public key rhost based authentication for sshd, which is an even worse proposition than supporting sudo. If I touch _anything_ else, I own it. All I can reasonably expect to secure or support is _my_ code. This is the basic reality of software support.

My concern is not whether _I_ can use it. My concern is whether somebody else can use it by following a short set of instructions. "chmod +s" works. sudo or rhost+sshd is a 3 hour support call. And I'm not going to tell somebody to turn on remote access for the root account for sshd, when I have no reasonable expectation that they understand the consequences of doing so.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Members online

No members online now.

Forum statistics

Threads
473,744
Messages
2,569,483
Members
44,903
Latest member
orderPeak8CBDGummies

Latest Threads

Top