[NTLUG:Discuss] SETUID on Shell Scripts Question

MadHat madhat at unspecific.com
Mon Apr 3 10:19:43 CDT 2000


Brian wrote:
> 
> MadHat wrote:
> > since perl is a scripting language, I know this is not correct (unless
> > the default in the newer kernels is to have the ability turned on,
> > 'cause I didn't set it).
> 
> Well, if you haven't tried it yourself, then I guess you really don't
> know, do you?  You can't create a suid perl script that will run
> anything with an effective UID of root on a kernel > 2.0.38.  You can put
> a C wrapper around it.  This is explained in minute detail in the blue
> camel book.

What I was talking about was the comment made by you about "This
functionality can be disabled in the kernel, if you really have to run
suid scripts."  What I was trying to say is that I have not disabled
anything about suid scripts in the kernel.  I am presently running 2.2.*
(different releases on different machines) and I do run suid scripts in
perl.  But as I said I do have to use the 'suidperl' binary instead of
the 'perl' binary, but by using it, it works fine for suid scripts.  I
run several scripts suid root, but none of them are _shell_ scripts,
they are all perl scripts.

Can you tell me what page you are looking at in the Camel book?  The
only mention I can remember (and could find when I just looked) is
mention of the suidperl binary.  Is this the wrapper of which you speak?

> 
> However, if you have a workaround, I would be most interested in seeing
> how you do it.

For perl, or shell scripts?

-- 
%_=split';','2e;hac;40;not;64;ju;66; Perl ;68;st a;6f;ker;75;her';
print map $_{unpack "H2",$_}, split //,
'madhat at unspecific.com'
# aka Lee Heath, but don't tell anyone.