Path: euryale.cc.adfa.oz.au!newshost.carno.net.au!harbinger.cc.monash.edu.au!munnari.OZ.AU!news.ecn.uoknor.edu!feed1.news.erols.com!arclight.uoregon.edu!nntp.primenet.com!news.bbnplanet.com!cpk-news-hub1.bbnplanet.com!EU.net!main.Germany.EU.net!Germany.EU.net!Dortmund.Germany.EU.net!interface-business.de!usenet
From: j@ida.interface-business.de (J Wunsch)
Newsgroups: comp.unix.admin,comp.unix.questions,comp.unix.bsd.bsdi.misc
Subject: Re: Setuid Problem
Date: 18 Nov 1996 15:36:13 GMT
Organization: interface business GmbH, Dresden
Lines: 62
Message-ID: <56pvpd$8db@innocence.interface-business.de>
References: <567ko8$6dd@sleipnir.iaccess.com.au> <569rjk$4j2@mx.iki.rssi.ru>
Reply-To: joerg_wunsch@interface-business.de (Joerg Wunsch)
NNTP-Posting-Host: ida.interface-business.de
X-Newsreader: knews 0.9.6
X-Phone: +49-351-31809-14
X-Fax: +49-351-3361187
X-PGP-Fingerprint: DC 47 E6 E4 FF A6 E9 8F 93 21 E0 7D F9 12 D6 4E
Xref: euryale.cc.adfa.oz.au comp.unix.admin:50567 comp.unix.questions:91480 comp.unix.bsd.bsdi.misc:5297

serg@infomag.mipt.rssi.ru (Sergei A. Golubchik) wrote:

> Second. You must use not perl (#!/.../perl) but suidperl
> (or sperl4.036 on my PC) -- this is the trick.

Automagically running suidperl is a compile-time option.  From Perl's
config.h:

/* DOSUID
 *	This symbol, if defined, indicates that the C program should
 *	check the script that it is executing for setuid/setgid bits, and
 *	attempt to emulate setuid/setgid on systems that have disabled
 *	setuid #! scripts because the kernel can't do it securely.

You need the #!/usr/bin/suidperl trick if your version of Perl is not
compiled with this option.

> Third. read man perl about suid scripts -- there are many stupid limitations:
> "Smart" sperl won't allow you to do "insecure" things (e.g. write to
> files).

These limitations are IMHO anything but stupid: they basically try to
prevent the programmer from his own stupidity by checking the
``taintedness'' of a particular variable before doing something
dangerous with it.

Nobody says you can't write files in suid Perl scripts -- but you
normally cannot create files where the names have been passed by a
user on the command line or in an environment variable, or derived
from the script's input.  (There are methods to validate such names,
and bypass the restrictions once you are certain about the name.  The
Perl man pages mention this.)

And, Perl prevents you from accidentally spawning a shell as part of a
system() call.  (That doesn't mean you couldn't use system() at all,
but you can't use it with arguments that require a shell.)

IMHO, all these measures make it much safer to write a setuid Perl
script than writing a setuid C program without all these safety belts.

> Fourth. At www.perl.com (or something like this) there is a warning,
> that due to a bug in suidperl, it's better to clear suid flags (and
> disabling suid scripts)

This is ridiculous.  The proposed fix doesn't work btw., at least not
on FreeBSD and NetBSD.  The setuid script is simply ignored there.

The best fix is to avoid ``Posix saved IDs'' for Perl.  To the best of
my knowledge, a suidperl compiled with the following settings on a
4.4BSD system can be considered secure:

/*#undef HAS_SETEGID	/**/
/*#undef HAS_SETEUID	/**/
#define HAS_SETREGID	/**/
#define HAS_SETREUID	/**/
#define HAS_SETRGID	/**/
#define HAS_SETRUID	/**/

-- 
J"org Wunsch					Unix support engineer
joerg_wunsch@interface-business.de       http://www.interface-business.de/~j
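
The taint checks discussed in the post above, as an added example that is not part of the original message or of Perl's documentation: a user-supplied file name is refused while tainted, then validated through a regex capture and passed to system() in list form so that no shell is involved. The helper name untaint_filename, the accepted file-name pattern, the sample name and the /bin/echo path are assumptions made for the illustration.

```perl
#!/usr/bin/perl -T
# Added illustration of Perl taint checks; not code from the post.
use strict;
use warnings;
use Scalar::Util qw(tainted);

# Taint mode refuses to run programs while PATH and friends are inherited.
$ENV{PATH} = '/bin:/usr/bin';
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};

# User-controlled input. Without an argument, use a constructed sample and
# append a zero-length slice of $^X (tainted under -T) so that it behaves
# like real command-line data.
my $name = @ARGV ? $ARGV[0] : 'report-1996.txt' . substr($^X, 0, 0);

# Hypothetical validator: accept only a plain file name (no '/', no leading
# '.', bounded length). A regex capture yields an untainted copy.
sub untaint_filename {
    my ($candidate) = @_;
    return $candidate =~ /\A([A-Za-z0-9_][A-Za-z0-9_.-]{0,63})\z/ ? $1 : undef;
}

printf "input tainted: %s\n", tainted($name) ? 'yes' : 'no';

# Interpolating the raw value into a shell command line is fatal under -T;
# eval catches the "Insecure dependency" exception so the script can go on.
my $ok = eval { system("echo $name"); 1 };
print "shell form rejected: $@" unless $ok;

# Validate first; anything outside the pattern is refused outright.
my $safe = untaint_filename($name);
defined $safe or die "refusing file name supplied by user\n";
printf "validated value tainted: %s\n", tainted($safe) ? 'yes' : 'no';

# List form of system(): the program is executed directly, so no shell
# ever parses the argument.
system('/bin/echo', 'would write to', $safe) == 0
    or die "echo failed: $?\n";
```

Run it as "perl -T example.pl" (or execute the file directly), since -T must be in effect from the start of the interpreter.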