*BSD News Article 83134


Path: euryale.cc.adfa.oz.au!newshost.carno.net.au!harbinger.cc.monash.edu.au!munnari.OZ.AU!news.ecn.uoknor.edu!feed1.news.erols.com!arclight.uoregon.edu!nntp.primenet.com!news.bbnplanet.com!cpk-news-hub1.bbnplanet.com!EU.net!main.Germany.EU.net!Germany.EU.net!Dortmund.Germany.EU.net!interface-business.de!usenet
From: j@ida.interface-business.de (J Wunsch)
Newsgroups: comp.unix.admin,comp.unix.questions,comp.unix.bsd.bsdi.misc
Subject: Re: Setuid Problem
Date: 18 Nov 1996 15:36:13 GMT
Organization: interface business GmbH, Dresden
Lines: 62
Message-ID: <56pvpd$8db@innocence.interface-business.de>
References: <567ko8$6dd@sleipnir.iaccess.com.au> <569rjk$4j2@mx.iki.rssi.ru>
Reply-To: joerg_wunsch@interface-business.de (Joerg Wunsch)
NNTP-Posting-Host: ida.interface-business.de
X-Newsreader: knews 0.9.6
X-Phone: +49-351-31809-14
X-Fax: +49-351-3361187
X-PGP-Fingerprint: DC 47 E6 E4 FF A6 E9 8F  93 21 E0 7D F9 12 D6 4E
Xref: euryale.cc.adfa.oz.au comp.unix.admin:50567 comp.unix.questions:91480 comp.unix.bsd.bsdi.misc:5297

serg@infomag.mipt.rssi.ru (Sergei A. Golubchik) wrote:

> Second. You must use not perl (#!/.../perl) but suidperl
>         (or sperl4.036 on my PC) -- this is the trick.

Automagically running suidperl is a compile-time option.

From Perl's config.h:

/* DOSUID
 *      This symbol, if defined, indicates that the C program should
 *      check the script that it is executing for setuid/setgid bits, and
 *      attempt to emulate setuid/setgid on systems that have disabled
 *      setuid #! scripts because the kernel can't do it securely.

You need the #!/usr/bin/suidperl trick if your version of Perl is not
compiled with this option.

> Third. read man perl about suid scripts -- there are many stupid limitations:
>         "Smart" sperl won't allow you to do "insecure" things (e.g. write to
>         files).

These limitations are IMHO anything but stupid: they basically
try to prevent the programmer from his own stupidity by checking the
``taintedness'' of a particular variable before doing something
dangerous with it.  Nobody says you can't write files in suid Perl
scripts -- but you normally cannot create files where the names have
been passed by a user on the command line or in an environment
variable, or derived from the script's input.  (There are methods to
validate such names, and bypass the restrictions once you are certain
about the name.  The Perl man pages mention this.)

And, Perl prevents you from accidentally spawning a shell as part of a
system() call.  (That doesn't mean you couldn't use system() at all,
but you can't use it with arguments that require a shell.)

IMHO, all these measures make it much safer to write a setuid Perl
script than writing a setuid C program without all these safety belts.

> Fourth. At www.perl.com (or something like this) there is a warning,
>          that due to a bug in suidperl, it's better to clear suid flags (and
>          disabling suid scripts)

This is ridiculous.  The proposed fix doesn't work btw., at least not
on FreeBSD and NetBSD.  The setuid script is simply ignored there.

The best fix is to avoid ``Posix saved IDs'' for Perl.

To the best of my knowledge, a suidperl compiled with the following
settings on a 4.4BSD system can be considered secure:

/*#undef        HAS_SETEGID             /**/
/*#undef        HAS_SETEUID             /**/
#define  HAS_SETREGID            /**/
#define  HAS_SETREUID            /**/
#define  HAS_SETRGID             /**/
#define  HAS_SETRUID             /**/

-- 
J"org Wunsch					       Unix support engineer
joerg_wunsch@interface-business.de       http://www.interface-business.de/~j
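
The taint checks discussed in the article above, shown as an added example that is not part of the original post: a name from the command line is refused for file creation until a pattern has validated it, and system() is called in list form so no shell is involved. The sub untaint_name, the directory in $spool and the accepted pattern are assumptions made for this illustration.

```perl
#!/usr/bin/perl -T
# Added example (not from the post). -T turns on the taint checks that
# Perl enables by itself when it runs a setuid or setgid script.
use strict;
use warnings;

die "taint mode is off, run with -T\n" unless ${^TAINT};

# External commands are refused while PATH and friends are inherited.
$ENV{PATH} = '/bin:/usr/bin';
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};

my $spool = '/var/spool/example';   # hypothetical, owned by the script's user

# Return an untainted copy of $name, or undef if it is not acceptable.
# Only a regex capture clears taint, so the pattern lists what is allowed:
# one path component, no '/', no leading '.' or '-', at most 64 characters.
sub untaint_name {
    my ($name) = @_;
    return undef unless defined $name;
    return $name =~ /\A([A-Za-z0-9_][A-Za-z0-9_.-]{0,63})\z/ ? $1 : undef;
}

my $arg = shift @ARGV;              # command-line data is tainted
die "usage: $0 name\n" unless defined $arg;

# 1. Creating a file from the tainted name is refused before open() runs.
my $ok = eval { open(my $fh, '>', "$spool/$arg"); 1 };
print "tainted name:   ", ($ok ? "allowed (unexpected)\n" : "refused: $@");

# 2. After validation the same operation is permitted.
my $name = untaint_name($arg);
die "rejected file name\n" unless defined $name;
my $path = "$spool/$name";          # built from untainted parts only
open(my $out, '>', $path) or die "open $path: $!\n";
print {$out} "created from a validated name\n";
close($out) or die "close $path: $!\n";
print "validated name: wrote $path\n";

# 3. List-form system() executes the program directly, without a shell.
system('/bin/ls', '-l', '--', $path) == 0
    or die "ls exited with status $?\n";
```

A name such as ../etc/passwd or one containing shell metacharacters fails the pattern and the script stops at step 2 without touching the file system.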