SUMMARY: perl suid scripts on DU?

From: Hugh Pritchard <Hugh.Pritchard_at_MCI.com>
Date: Thu, 04 Jun 1998 16:31 -0400 (EDT)

Many thanks to Simon Greaves <greaves_s_at_usp.ac.fj>
and Adam Rice <adam_at_netvillage.co.uk>. Their advice follows:
____________________________________________________________________

Hugh,

have another look at the perl book, (1st edition examples section, 2nd
edition pages 360-361) you should find an example of a trivial C wrapper
program that could be used to do what you want. See also the wrapsuid
program in the 'eg' directory of the perl distribution.

Simon
_____________________________________________________________________

Yes. Both ways :-) Actually, I've done it with b) more. You don't need to do
setuid(0) in the C program unless you actually want the script to run as root
with tainting checks turned off (but tainting checks are useful, if annoying).

Also, I'd recommend using one of the exec system calls rather than system,
as it's more efficient and avoids the C wrapper sticking around until the
script exits.

A simple C wrapper (untested) would be

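#include <stdio.h>
#include <unistd.h>
int main(int argc, char *argv[]) {
    /* Absolute path fixed at compile time, so the caller cannot choose what runs. */
    char *script="/full/path/of/your/script";
    execv(script, argv);
    perror("execv");    /* execv only returns if it failed */
    return 1;
}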

Incidentally, if you're concerned about security, use a very recent
(perl5.004_01 or later) version of Perl, because setuid security lapsed a
little in the middle-versions of Perl 5 development. Version 4 Perls are
also believed to be okay (though they are, of course, obsolete).

Adam
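
An added example, not code from either reply or from the Perl distribution: a variant of the C wrapper above that replaces the caller's environment before the exec, because a setuid script otherwise inherits PATH, IFS, PERL5LIB and the like from whoever runs it. The script path is the placeholder from the post; the PATH value and the TZ/LANG/TERM allowlist are assumptions to adapt.

```c
/* Added example: setuid wrapper that execs one fixed script with a scrubbed
 * environment. SCRIPT, SAFE_PATH and the allowlist below are assumptions. */
#include <stdio.h>
#include <string.h>
#include <unistd.h>

#define SCRIPT    "/full/path/of/your/script"  /* placeholder from the post */
#define SAFE_PATH "PATH=/usr/bin:/bin"         /* assumed trusted directories */
#define MAX_ENV   8

extern char **environ;

/* Variables copied from the caller. Everything else (IFS, LD_*, PERL5LIB,
 * PERL5OPT, ENV, ...) is dropped. Copied values are not validated here, so
 * the script should still run with taint checks on. */
static const char *const keep[] = { "TZ=", "LANG=", "TERM=" };
#define NKEEP (sizeof keep / sizeof keep[0])

/* Fill out[] with SAFE_PATH plus the first occurrence of each allowlisted
 * variable in in[], NULL-terminated. Returns the entry count (terminator
 * excluded), or -1 if out[] cannot hold even PATH plus the terminator. */
int build_clean_env(char *const in[], char *out[], int max)
{
    static char safe_path[] = SAFE_PATH;
    int seen[NKEEP] = {0};
    int n = 0;
    size_t i, k;

    if (max < 2) return -1;
    out[n++] = safe_path;
    for (i = 0; in != NULL && in[i] != NULL && n < max - 1; i++) {
        for (k = 0; k < NKEEP; k++) {
            /* Duplicates are skipped so a second "TZ=" cannot shadow the first. */
            if (!seen[k] && strncmp(in[i], keep[k], strlen(keep[k])) == 0) {
                out[n++] = in[i];
                seen[k] = 1;
                break;
            }
        }
    }
    out[n] = NULL;
    return n;
}

int main(int argc, char *argv[])
{
    char *env[MAX_ENV];
    (void)argc;
    if (build_clean_env(environ, env, MAX_ENV) < 0) return 1;
    execve(SCRIPT, argv, env);   /* fixed path; caller controls only argv */
    perror("execve");            /* reached only if the exec failed */
    return 1;
}
```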
___________________________ Original post ______________________________

Rumor and the alpha-osf-managers archives have it that DU won't allow
scripts (versus compiled programs) to run suid. I've been trying to find
out how to set up a perl script to run suid, in addition to doing the
chown root and chmod u+s commands.

There is one example in the perlipc man page, the same example as in the
O'Reilly _Programming_Perl_ book:

        ( $EUID, $EGID ) = ( $UID, $GID );

This seems under-commented. There is also mention in the perlsec man
page of suidperl; but nothing more is said about this.

I know I can

    a) re-install perl with the suid-emulation stuff turned on (I didn't
       install it originally), or
    b) write a quickie C program to setuid(0) and system(perl script)
       (or maybe exec?).

Has anyone actually written and run a perl script suid? How did you do
it?

     Hugh
     Hugh Pritchard, M.Sc.
     Mailto: Hugh.Pritchard_at_MCI.com
     metro Washington, DC
Received on Thu Jun 04 1998 - 22:32:07 NZST