[H-GEN] Setting a Perl script suid
Stephen Thorne
stephen at mu.com.au
Thu Sep 11 00:10:23 EDT 2003
[ Humbug *General* list - semi-serious discussions about Humbug and ]
[ Unix-related topics. Posts from non-subscribed addresses will vanish. ]
[ There was was a chap named Stephen | The Humbug lists accept posts only ]
[ Who appeared to be a bit of a heathen | from subscribed addresses. If you ]
[ For he didn't know | do not post from your subscribed ]
[ So did it twice in a row | address, your message may not be ]
[ Used the wrong address on his mailing | forwarded onwards. --ListGrouch ]
On Wed, 10 Sep 2003 16:55, Paul Cornford wrote:
> Because after hours of unrewarded effort I can't seem to access the Perl
> modules I need without it. Yes I've tried adding to @INC, and I've tried
> 'use lib ...' but these haven't worked. However, I did manage to run the
> script on my own machine at home successfully SUID, and since the script
> is for internal use only it seems the only way to go. Clearly my
> understanding of permissions is lacking but the time factor has beaten
> me for further study.
Its my understanding that you cannot set a script (i.e. something you execute
that starts with #!/path/to/bin/file) suid. I'm not sure about the perl
specifics, but here are two tips that apply to scripting languages.
1) Wrapping the script in a suid C program[0] you've written for the purpose.
2) If you're using apache, have a look at 'suexec'[1], which is something for
apache to execute certain CGI scripts as a particular user
Regards,
Stephen Thorne
[0]
# This assumes you're not interested in passing through arguments or STDIN.
# Making this useful is left as an exercise for the reader.
cat > runmyscript.c <<EOF
int main (int argc, char*argv)
{
system("/path/to/my/script.sh");
return 0;
}
EOF
gcc -o runmyscript runmyscript.c
chmod u+s runmyscript
[1] http://httpd.apache.org/docs-2.0/mod/mod_suexec.html
--
* This is list (humbug) general handled by majordomo at lists.humbug.org.au .
* Postings to this list are only accepted from subscribed addresses of
* lists 'general' or 'general-post'. See http://www.humbug.org.au/
More information about the General
mailing list