[H-GEN] Setting a Perl script suid

Jason Parker-Burlingham jasonp at panix.com
Wed Sep 10 23:42:50 EDT 2003


[ Humbug *General* list - semi-serious discussions about Humbug and     ]
[ Unix-related topics. Posts from non-subscribed addresses will vanish. ]

Paul Cornford <cbecwd at bigpond.com> writes:

> I am trying to run a perl script SUID and whenever I try "perl -cw
> <scriptname>" all I get is "Args must match #! at auction.pl line 1" -
> which is true.

Why are you running perl as root with the -c option?  That makes no
sense.

Try feeding the error message into splain(1), depending on your
version of perl.

> I don't add the -c arg to my first line. But if I make the args the
> same I get "Can't do setuid". I know running Perl scripts SUID is
> tricky but does anyone know how I can do this? The script is
> actually being run as a CGI (locally).

   [0]henry at freezer:henry $ splain
   /usr/bin/splain: Reading from STDIN
   Can't do setuid
   Can't do setuid (#1)
       (F) This typically means that ordinary perl tried to exec suidperl to do
       setuid emulation, but couldn't exec it.  It looks for a name of the form
       sperl5.000 in the same directory that the perl executable resides under
       the name perl5.000, typically /usr/local/bin on Unix machines.  If the
       file is there, check the execute permissions.  If it isn't, ask your
       sysadmin why he and/or she removed it.

I suggest you have two problems:

1) Checking the syntax of your script with -c.  Just run

      $ perl -c auction.pl

   as a normal user.  You won't get any extra functionality running it
   as root, and in fact as you find out, when perl runs as root it
   turns on taint mode and fails miserably.

2) Making the script run setuid.  I don't have much to offer on that
   front and I'm not at all sure it's even a good idea, taint mode or
   no.

You go on to say:

> Because after hours of unrewarded effort I can't seem to access the
> Perl modules I need without it. Yes I've tried adding to @INC, and
> I've tried 'use lib ...' but these haven't worked.

If you cut and paste the exact error message and your script here
(email this to me privately if the script is longer than 50 lines or
so) I will endeavor to suggest how to fix it.

> However, I did manage to run the script on my own machine at home
> successfully SUID, and since the script is for internal use only it
> seems the only way to go. Clearly my understanding of permissions is
> lacking but the time factor has beaten me for further study.

If you don't have time to learn how to do this properly you're better
off not doing it.  Setuid programs of any sort aren't to be trifled
with.

jason
-- 
Baby Pictures:
      http://panix.com/~jasonp?HenryGrosvenorParkerBurlingham

--
* This is list (humbug) general handled by majordomo at lists.humbug.org.au .
* Postings to this list are only accepted from subscribed addresses of
* lists 'general' or 'general-post'.  See http://www.humbug.org.au/
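
The taint mode mentioned in the reply is the mode a setuid Perl script runs under. The following is an added example, not part of the original thread and not anyone's script from it: a minimal taint-mode CGI skeleton showing the literal `use lib` path that taint mode requires (PERL5LIB is ignored) and untainting of external input through an allow-list regex. The path `/opt/auction/lib`, the use of `PATH_INFO` for the item number and the helper `untaint_item_id` are assumptions for illustration.

```perl
#!/usr/bin/perl -T
# Added example: taint-mode skeleton for a script that runs with elevated
# privileges. Paths, input source and helper name are hypothetical.
# With -T on the #! line, a syntax check needs it too: perl -T -c script
use strict;
use warnings;
use Scalar::Util qw(tainted);

# Under -T perl ignores PERL5LIB/PERLLIB and drops "." from @INC, so the
# module directory has to be given as a literal path (hypothetical here).
use lib '/opt/auction/lib';

# Taint mode refuses to run external commands with an inherited PATH.
# Set a fixed one and drop the variables a shell would interpret.
$ENV{PATH} = '/usr/bin:/bin';
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};

# Untaint by capturing from a strict allow-list regex. Input that does not
# match is rejected outright rather than "cleaned up".
sub untaint_item_id {
    my ($raw) = @_;
    return unless defined $raw;
    return $raw =~ m{\A/([0-9]{1,9})\z} ? $1 : undef;
}

# PATH_INFO is supplied by the web server, so it is tainted under -T.
# Example request (constructed): /cgi-bin/auction.pl/12345
my $raw  = $ENV{PATH_INFO};
my $item = untaint_item_id($raw);

print "Content-Type: text/plain\n\n";
printf "raw input tainted: %s\n",
    (defined $raw && tainted($raw)) ? 'yes' : 'no';

if (defined $item) {
    # $item came from a regex capture, so perl treats it as untainted and
    # it may now be used in file names or command arguments.
    printf "item %s accepted (tainted: %s)\n",
        $item, tainted($item) ? 'yes' : 'no';
} else {
    print "item id rejected\n";
}
```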


