[H-GEN] Setting a Perl script suid

Paul Cornford cbecwd at bigpond.com
Thu Sep 11 19:25:20 EDT 2003



On Thu, 2003-09-11 at 21:41, Anthony Towns wrote:
    On Thu, Sep 11, 2003 at 02:10:23PM +1000, Stephen Thorne wrote:
    > It's my understanding that you cannot set a script (i.e. something you execute
    > that starts with #!/path/to/bin/file) suid. I'm not sure about the perl
    > specifics, but here are two tips that apply to scripting languages.
    
    You can do it, but the suid bit is ignored. For perl scripts, you can point
    them at perl-suid instead of perl, I believe.
    
    > 1) Wrapping the script in a suid C program[0] you've written for the purpose.
    > #include <stdlib.h>
    > int main (int argc, char *argv[])
    > {
    > 	system("/path/to/my/script.sh");
    > 	return 0;
    > }
    
    There are good reasons why scripts aren't allowed to be suid, and
    you need to take a _lot_ of care if you want to ignore this, and allow
    users to run scripts as users with higher privileges than they're normally
    allowed.

I am now running the script SUID on two other Linux machines (not my
work machine) as a CGI using the ordinary Perl interpreter.
Incidentally, the owner of the script is not root. This is NOT my
permanent solution but at least it allows me access to the local Perl
modules which I have chmod'd (chmod o+r * -R) to no avail. I am aware of
the C wrapper alternative but so far there has been no necessity for
that. The real problem is why apache can't access the local Perl
modules. I have emailed the author of the modules and he is as mystified
as I am. Clearly this is a permissions problem and despite my
familiarity with chmod (I use it frequently) I cannot find a watertight
solution to this problem.
    

-- 
Paul Cornford
Web Programmer
Caboolture Business Enterprise Centre
39 Aerodrome Rd, Caboolture. 4510
Ph. 0754 991763
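
Added example, not part of the thread and not written by any of its posters: a C sketch of the wrapper approach quoted above that avoids system(), checks the script's ownership and mode, and execs it with a fixed environment. The script path is the placeholder from the quoted code; the PATH value and the exit code 111 are assumptions.

```c
/* Added example (not from the thread): setuid wrapper that checks its
 * target and execs it with a fixed environment instead of calling system(). */
#define _POSIX_C_SOURCE 200809L   /* for lstat() under strict -std modes */
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Placeholder path taken from the quoted wrapper. */
#define SCRIPT "/path/to/my/script.sh"

/* Assumed minimal environment; nothing is inherited from the caller,
 * so PATH, IFS, PERL5LIB, LD_PRELOAD and friends cannot be supplied. */
static char *const clean_env[] = { "PATH=/usr/bin:/bin", NULL };

/* Return 1 only when path is a regular file (not a symlink) owned by
 * `owner` and not writable by group or others, 0 otherwise. */
int target_is_safe(const char *path, uid_t owner)
{
    struct stat st;

    if (lstat(path, &st) != 0)
        return 0;                         /* missing or unreachable */
    if (!S_ISREG(st.st_mode))
        return 0;                         /* symlink, directory, device */
    if (st.st_uid != owner)
        return 0;                         /* someone else controls the body */
    if (st.st_mode & (S_IWGRP | S_IWOTH))
        return 0;                         /* others can rewrite the script */
    return 1;
}

int main(void)
{
    char *const args[] = { SCRIPT, NULL };   /* caller arguments are dropped */

    /* The script must belong to the account the wrapper is setuid to.
     * The directories above it need the same ownership and modes, or the
     * file can be swapped between this check and the exec. */
    if (!target_is_safe(SCRIPT, geteuid())) {
        fputs("wrapper: refusing to run unsafe target\n", stderr);
        return 111;
    }
    execve(SCRIPT, args, clean_env);         /* no shell parses a command line */
    perror("execve");
    return 111;
}
```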

