[H-GEN] Setting a Perl script suid
Anthony Towns
aj at azure.humbug.org.au
Thu Sep 11 07:41:16 EDT 2003
On Thu, Sep 11, 2003 at 02:10:23PM +1000, Stephen Thorne wrote:
> It's my understanding that you cannot set a script (i.e. something you execute
> that starts with #!/path/to/bin/file) suid. I'm not sure about the perl
> specifics, but here are two tips that apply to scripting languages.
You can do it, but the suid bit is ignored. For perl scripts, you can point
them at perl-suid instead of perl, I believe.
> 1) Wrapping the script in a suid C program[0] you've written for the purpose.
> #include <stdlib.h>
> int main (int argc, char **argv)
> {
> system("/path/to/my/script.sh");
> return 0;
> }
There are good reasons why scripts aren't allowed to be suid, and
you need to take a _lot_ of care if you want to ignore this, and allow
users to run scripts as users with higher privileges than they're normally
allowed. E.g.:
$ cat runtestshasroot.c
#include <stdlib.h>
int main(int argc, char **argv)
{
system("/home/aj/test.sh");
return 0;
}
$ ls -l runtestshasroot
-rwsr-xr-x 1 root root 8576 Sep 11 20:18 runtestshasroot
$ cat test.sh
#!/bin/sh
echo "hello, world runs at:" `date`
$ cat date
#!/bin/sh
echo haha >/hax0r
exec /bin/date
$ ls -l /hax0r
ls: /hax0r: No such file or directory
$ PATH=.:$PATH ./runtestshasroot
hello, world runs at: Thu Sep 11 20:23:16 EST 2003
$ ls -l /hax0r
-rw-r--r-- 1 root aj 5 Sep 11 20:23 /hax0r
Cheers,
aj
--
Anthony Towns <aj at humbug.org.au> <http://azure.humbug.org.au/~aj/>
I don't speak for anyone save myself. GPG signed mail preferred.
Australian DMCA (the Digital Agenda Amendments) Under Review!
-- http://azure.humbug.org.au/~aj/blog/copyright/digitalagenda