*BSD News Article 82717



Path: euryale.cc.adfa.oz.au!newshost.carno.net.au!harbinger.cc.monash.edu.au!munnari.OZ.AU!news.ecn.uoknor.edu!feed1.news.erols.com!howland.erols.net!news.sprintlink.net!news-peer.sprintlink.net!uunet!in2.uu.net!Gamma.RU!srcc!demos!news.rssi.ru!news
From: serg@infomag.mipt.rssi.ru (Sergei A. Golubchik)
Newsgroups: comp.unix.admin,comp.unix.questions,comp.unix.bsd.bsdi.misc
Subject: Re: Setuid Problem
Date: 12 Nov 1996 12:46:44 GMT
Organization: Russian Space Research Institute
Lines: 48
Message-ID: <569rjk$4j2@mx.iki.rssi.ru>
References: <567ko8$6dd@sleipnir.iaccess.com.au>
NNTP-Posting-Host: infomag.mipt.rssi.ru
X-Newsreader: knews 0.9.6
Xref: euryale.cc.adfa.oz.au comp.unix.admin:50212 comp.unix.questions:91104 comp.unix.bsd.bsdi.misc:5257

In article <567ko8$6dd@sleipnir.iaccess.com.au>,
	phil@iaccess.com.au (Phillip Krokidis) writes:
>Hello,
>
>I'm having problems getting setuid to work on a bsdi 1.1 system
>I have set the owner of a file as root and the "s" bit as
>follows:
>
>-rwsrwxr-x  1 root  wheel    1815 Nov  3 22:59 file.pl
>
>If I try to run the program by sending email to an alias 
>in the sendmail /etc/aliases file ie. alias: "|/path_to_file/file.pl"
>the program will not run as root but as daemon with effective and real id
>of "1". 
>
>Can anyone suggest a way to get this working?
>
>Thanks,
>Phil
>phil@iaccess.com.au

Hello, Phil.

I faced such a problem some time ago.
There is a complete solution.

First. The script must be setUID. (You did that.)
Second. You must use not perl (#!/.../perl) but suidperl
        (or sperl4.036 on my PC) -- this is the trick.
Third. Read man perl about suid scripts -- there are many stupid limitations:
        "Smart" sperl won't allow you to do "insecure" things (e.g. write to
        files).
Fourth. At www.perl.com (or something like this) there is a warning
         that, due to a bug in suidperl, it's better to clear suid flags (and
         disable suid scripts).
Fifth. At last, I created a pseudo-account w/o shell, and set up cron to
         run my (non suid) script on this mailbox.


I think it will be enough...

Good luck.

P.S. if you find another solution, please, mail!

-- 
Regards, SerG.
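
The arrangement in the fifth step above (mail lands in an unprivileged pseudo-account's mailbox and a cron job run by that account works through it) can look like the following. This is an added example, not part of the original post and not the poster's script; it uses Python rather than the post's Perl, and the `handle` job, the `drain_mbox` helper and the sample mailbox are assumptions made up for illustration.

```python
import mailbox
import os
import tempfile

# Constructed sample mailbox (two messages in mbox format).
SAMPLE_MBOX = (
    b"From alice@example.org Tue Nov 12 12:00:00 1996\n"
    b"From: alice@example.org\nSubject: first\n\nbody one\n\n"
    b"From bob@example.org Tue Nov 12 12:05:00 1996\n"
    b"From: bob@example.org\nSubject: second\n\nbody two\n"
)

def handle(msg):
    """Hypothetical per-message job; here it only summarises the message."""
    return f"{msg.get('From', '?')}: {msg.get('Subject', '')}"

def drain_mbox(path, handler=handle, geteuid=os.geteuid):
    """Run handler on every message in the mbox at path, deleting each one
    once handled. Returns the handler results in mailbox order."""
    if geteuid() == 0:
        # The design exists so that nothing runs as root; fail closed.
        raise PermissionError("run this from the pseudo-account's crontab, not as root")
    box = mailbox.mbox(path, create=False)
    results = []
    try:
        box.lock()  # dot lock + lockf, so a concurrent delivery cannot interleave
        for key in list(box.keys()):
            results.append(handler(box[key]))
            box.remove(key)  # removed only after its handler returned
    finally:
        box.close()  # flushes removals, releases the lock, closes the file
    return results

if __name__ == "__main__":
    # Demo on a temporary copy of the constructed sample.
    with tempfile.TemporaryDirectory() as d:
        p = os.path.join(d, "mailjob")
        with open(p, "wb") as f:
            f.write(SAMPLE_MBOX)
        print(drain_mbox(p, geteuid=lambda: 1000))
```

If the handler raises part-way through, the messages already handled are removed and the rest stay in the mailbox for the next cron run.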