Path: euryale.cc.adfa.oz.au!newshost.carno.net.au!harbinger.cc.monash.edu.au!munnari.OZ.AU!news.ecn.uoknor.edu!feed1.news.erols.com!howland.erols.net!news.sprintlink.net!news-peer.sprintlink.net!uunet!in2.uu.net!Gamma.RU!srcc!demos!news.rssi.ru!news
From: serg@infomag.mipt.rssi.ru (Sergei A. Golubchik)
Newsgroups: comp.unix.admin,comp.unix.questions,comp.unix.bsd.bsdi.misc
Subject: Re: Setuid Problem
Date: 12 Nov 1996 12:46:44 GMT
Organization: Russian Space Research Institute
Lines: 48
Message-ID: <569rjk$4j2@mx.iki.rssi.ru>
References: <567ko8$6dd@sleipnir.iaccess.com.au>
NNTP-Posting-Host: infomag.mipt.rssi.ru
X-Newsreader: knews 0.9.6
Xref: euryale.cc.adfa.oz.au comp.unix.admin:50212 comp.unix.questions:91104 comp.unix.bsd.bsdi.misc:5257

In article <567ko8$6dd@sleipnir.iaccess.com.au>,
phil@iaccess.com.au (Phillip Krokidis) writes:
>Hello,
>
>I'm having problems getting setuid to work on a bsdi 1.1 system
>I have set the owner of a file as root and the "s" bit as
>follows:
>
>-rwsrwxr-x 1 root wheel 1815 Nov 3 22:59 file.pl
>
>If I try to run the program by sending email to an alias
>in the sendmail /etc/aliases file i.e. alias: "|/path_to_file/file.pl"
>the program will not run as root but as daemon with effective and real id
>of "1".
>
>Can anyone suggest a way to get this working?
>
>Thanks,
>Phil
>phil@iaccess.com.au

Hello, Phil.

I faced such a problem some time ago.
There is a complete solution.

First. Script must be setUID. (You do it)

Second. You must use not perl (#!/.../perl) but suidperl
(or sperl4.036 on my PC) -- this is the trick.

Third. Read man perl about suid scripts -- there are many
stupid limitations: "Smart" sperl won't allow you to do
"insecure" things (e.g. write to files).

Fourth. At www.perl.com (or something like this) there is a warning
that, due to a bug in suidperl, it's better to clear suid flags
(and disable suid scripts).

Fifth. At last, I create a pseudo-account w/o shell, and
set up cron to run my (non suid) script on this mailbox.

I think it will be enough...
Good luck.

P.S. If you find another solution, please mail!

--
Regards, SerG.