This mailing list has once again proved invaluable to me (in terms of
quality and quantity of replies, as well as response time).
My original post:
>Is error code 13 (returned from wait()) a standard UNIX error code? If so,
>what does it mean? The error code it being generated by a Perl script
>executed from within another Perl script. I've look through the code and
>there's no explicit reference to exit(13).
Harald van Breederode <hbreeder_at_nl.oracle.com> wrote:
>Yes, it's a standard Unix error code.
>You can find them in /usr/include/sys/errno.h
>Error 13 is listed as:
>
>#define EACCES 13 /* Permission denied */
Thomas Erskine <thomas.erskine-dated_at_crc.ca> wrote:
>I used to look through the include files (usually
>/usr/include/sys/errno.h) to look these up. However, since you're using
>perl anyway, try:
>
>perl -e '$!=13; print "$!\n";'
>
>which will say "permission denied".
Thanks to the following people who also sent in replies:
alan_at_nabeth.cxo.dec.com
Joanna Gaski <jgaski_at_WPI.EDU>
angelm_at_arango.com (Angel Martinez)
Jim Harm <harm1_at_llnl.gov>
John Speno <speno_at_isc.upenn.edu>
"Edwin R Wolfe Jr." <ewolfe_at_umich.edu>
"Dr. Tom Blinn, 603-884-0646" <tpb_at_zk3.dec.com>
Oisin McGuinness <oisin_at_sbcm.com>
Also of interest may be a follow-up reply sent to me by Thomas Erskine upon
inquiring about setting the UID bit on Perl scripts in DU:
>> Hi Thomas,
>[snip]
>> Thanks for your quick response. Since you seem to know your Perl, perhaps I
>> could ask you a couple more questions.
>[snip]
>> The wierd thing is that I've run "chmod u+s root" on the CGI script, so I
>> would expect it to be able to access any executable on the machine.
>
>I'm pretty sure that setuid scripts don't work on DU... yup, they're
>disabled in the kernel. You'll have to run the script under a setuid
>wrapper program.
>
>Try running the following script (chmod 4755 first) to convince yourself
>that setuid scripts don't work:
>
> #!/usr/local/bin/perl -w
> print "ids $<, $>, $(, $)\n";
>
>See the Perl book page 361 for more discussion. You need a wrapper
>program like:
>
> #define REAL_FILE "/path/to/script"
> main(ac,av)
> int ac;
> char **av;
> {
> execv(REAL_FILE, av);
> }
>
>Which you compile and make setuid.
>
>> This is my first attempt at messing around with SetUID, so and pointers
>> would be greatly appreciated.
>
>Be afraid, be very afraid. ;-) But _do_ be careful. Remember that any
>string which comes from outside your script is a potential source of
>security problems. Use at least "-Wt" on your perl line and don't cheat
>on the untainting.
After the fact, I found a message in the mailing list archives on this very
topic:
>Date: Thu, 04 Jun 1998 16:31 -0400 (EDT)
>From: Hugh Pritchard <Hugh.Pritchard_at_MCI.com>
>Subject: SUMMARY: perl suid scripts on DU?
Thanks again to everyone for taking the pain out of administering DU!
ian
- - - - - - - - - - - - | - - - - - - - - - - - - - - - - - - -
ian wojtowicz | nation1
http://www.nation1.net
i_at_woj.com ICQ:7652147 | A new country for the info age, run
http://woj.com | by the people who know it best: kids
- - - - - - - - - - - - | - - - - - - - - - - - - - - - - - - -
Received on Sun Jun 28 1998 - 17:35:35 NZST