*BSD News Article 83689



Path: euryale.cc.adfa.oz.au!newshost.carno.net.au!harbinger.cc.monash.edu.au!munnari.OZ.AU!spool.mu.edu!howland.erols.net!EU.net!main.Germany.EU.net!Dortmund.Germany.EU.net!interface-business.de!usenet
From: j@ida.interface-business.de (J Wunsch)
Newsgroups: comp.unix.admin,comp.unix.questions,comp.unix.bsd.bsdi.misc
Subject: Re: Setuid Problem
Date: 27 Nov 1996 12:52:48 GMT
Organization: interface business GmbH, Dresden
Lines: 16
Message-ID: <57hdj0$kp9@innocence.interface-business.de>
References: <567ko8$6dd@sleipnir.iaccess.com.au>
  <32879E81.777B@arlut.utexas.edu>
Reply-To: joerg_wunsch@interface-business.de (Joerg Wunsch)
NNTP-Posting-Host: ida.interface-business.de
X-Newsreader: knews 0.9.6
X-Phone: +49-351-31809-14
X-Fax: +49-351-3361187
X-PGP-Fingerprint: DC 47 E6 E4 FF A6 E9 8F  93 21 E0 7D F9 12 D6 4E
Xref: euryale.cc.adfa.oz.au comp.unix.admin:50990 comp.unix.questions:92051 comp.unix.bsd.bsdi.misc:5362

Ian Fink <fink@arlut.utexas.edu> wrote:

> If your Perl script is trying to write to a file, then in general
> the kernel won't let you unless you recompile your kernel to allow
> setuid scripts.

suidperl is the official way out of this dilemma.  It also enables
taint checks, which is something you really wanna have for a setuid
script.  (I think plain Perl does detect its suidness, and refuses to
run this way with your C wrapper, of course, unless you also set the
real UID inside the wrapper.)

-- 
J"org Wunsch					       Unix support engineer
joerg_wunsch@interface-business.de       http://www.interface-business.de/~j
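
The C wrapper variant mentioned in the reply above, as an added example that is not part of the original post. Once the wrapper makes the real IDs match the effective ones, perl no longer sees a mismatch and does not turn on taint checks by itself, so the wrapper passes -T explicitly and starts the script with a fixed environment. PERL, SCRIPT, match_real_ids and build_argv are hypothetical names and paths chosen for this sketch.

```c
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/types.h>

#define PERL   "/usr/bin/perl"              /* assumed interpreter path */
#define SCRIPT "/usr/local/libexec/job.pl"  /* hypothetical script path */

/* Fixed environment: nothing set by the caller (PATH, PERL5LIB, ...) survives. */
static char *const clean_env[] = { "PATH=/bin:/usr/bin", NULL };

/* Set the real IDs to the effective ones, group first while we still may.
 * Returns 0 on success, -1 if any ID still differs afterwards. */
int match_real_ids(void)
{
    if (setregid(getegid(), getegid()) != 0) return -1;
    if (setreuid(geteuid(), geteuid()) != 0) return -1;
    return (getuid() == geteuid() && getgid() == getegid()) ? 0 : -1;
}

/* Build "perl -T SCRIPT args...". The script path is fixed at compile time;
 * only the trailing arguments come from the caller. Returns the number of
 * entries before the terminating NULL, or -1 if they do not fit in out[]. */
int build_argv(char **out, int max, int argc, char **argv)
{
    int n = 0, i;
    if (argc < 1 || argc + 3 > max) return -1;
    out[n++] = PERL;
    out[n++] = "-T";        /* force taint mode; auto-detection is now off */
    out[n++] = SCRIPT;
    for (i = 1; i < argc; i++)
        out[n++] = argv[i];
    out[n] = NULL;
    return n;
}

int main(int argc, char **argv)
{
    char *args[64];
    if (match_real_ids() != 0 || build_argv(args, 64, argc, argv) < 0) {
        fputs("wrapper: setup failed\n", stderr);
        return 1;
    }
    execve(PERL, args, clean_env);
    perror("execve");       /* only reached when execve fails */
    return 127;
}
```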