Path: euryale.cc.adfa.oz.au!newshost.carno.net.au!harbinger.cc.monash.edu.au!nntp.coast.net!howland.erols.net!worldnet.att.net!news.maxwell.syr.edu!EU.net!Germany.EU.net!Dortmund.Germany.EU.net!interface-business.de!usenet
From: j@ida.interface-business.de (J Wunsch)
Newsgroups: comp.unix.bsd.bsdi.misc
Subject: Re: Perl 5.003 install - suid problems not resolved
Date: 6 Feb 1997 18:06:32 GMT
Organization: interface business GmbH, Dresden
Lines: 65
Message-ID: <5dd6j8$72n@innocence.interface-business.de>
References: <32F95B2F.7142@multimediums.com>
Reply-To: joerg_wunsch@interface-business.de (Joerg Wunsch)
NNTP-Posting-Host: ida.interface-business.de
X-Newsreader: knews 0.9.6
X-Phone: +49-351-31809-14
X-Fax: +49-351-3361187
X-PGP-Fingerprint: DC 47 E6 E4 FF A6 E9 8F 93 21 E0 7D F9 12 D6 4E
Xref: euryale.cc.adfa.oz.au comp.unix.bsd.bsdi.misc:5868

"John E. Vasileff" <vasileff@multimediums.com> wrote:

> I have been having problems installing suidperl 5.003 on my BSDI 2.1
> server. After my first install, accepting all defaults, suid scripts
> would not execute at all - after trying to run them, I would receive
> just a prompt with no error messages.
>
> I later searched the archives of this newsgroup for similar problems,
> and found a sample config.sh file, which is included below. After
> installing using these defaults, I get the error message: "Can't swap
> uid and euid." whenever I try to run suid scripts.

The FreeBSD setup should work on BSD/OS, too, I tend to believe. IIRC,
the trick is to not use POSIX saved IDs. (That's been what was causing
the security hole.)

Looking at FreeBSD's port, it seems they run plain Configure only, but
apply this patch before:

--- perl.c.orig Tue Feb 27 13:30:44 1996 +++ perl.c Sun Jun 2 09:22:34 1996
@@ -1606,10 +1606,10 @@ (void)setegid(statbuf.st_gid); #else #ifdef HAS_SETREGID - (void)setregid((Gid_t)-1,statbuf.st_gid); + (void)setregid((Gid_t)gid,statbuf.st_gid); #else #ifdef HAS_SETRESGID - (void)setresgid((Gid_t)-1,statbuf.st_gid,(Gid_t)-1); + (void)setresgid((Gid_t)gid,statbuf.st_gid,(Gid_t)gid); #else setgid(statbuf.st_gid); #endif @@ -1624,10 +1624,10 @@ (void)seteuid(statbuf.st_uid); /* all that for this */ #else #ifdef HAS_SETREUID - (void)setreuid((Uid_t)-1,statbuf.st_uid); + (void)setreuid((Uid_t)uid,statbuf.st_uid); #else #ifdef HAS_SETRESUID - (void)setresuid((Uid_t)-1,statbuf.st_uid,(Uid_t)-1); + (void)setresuid((Uid_t)uid,statbuf.st_uid,(Uid_t)uid); #else setuid(statbuf.st_uid); #endif @@ -1641,10 +1641,10 @@ (void)seteuid((Uid_t)uid); #else #ifdef HAS_SETREUID - (void)setreuid((Uid_t)-1,(Uid_t)uid); + (void)setreuid((Uid_t)uid,(Uid_t)uid); #else #ifdef HAS_SETRESUID - (void)setresuid((Uid_t)-1,(Uid_t)uid,(Uid_t)-1); + (void)setresuid((Uid_t)uid,(Uid_t)uid,(Uid_t)uid); #else setuid((Uid_t)uid); #endif -- J"org Wunsch Unix support engineer joerg_wunsch@interface-business.de http://www.interface-business.de/~j
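
Review bot: in the hunk at @@ -1606 only the HAS_SETREGID and HAS_SETRESGID branches are changed to pass gid instead of -1; the branch above them is still (void)setegid(statbuf.st_gid) and the fallback is still setgid(statbuf.st_gid), so which of the real, effective and saved group IDs end up set depends on the macro Configure selected. A short comment above the #ifdef chain stating the intended real/effective/saved result for each branch would make the change checkable, and would record why -1 ("leave unchanged") is no longer used for the real ID.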
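
Review bot: every call in the hunk at @@ -1624 discards its result with a (void) cast, so a failing setreuid((Uid_t)uid,statbuf.st_uid) or setresuid(...) is not detected anywhere in the visible lines. Suggest testing the return value here, or confirming that the code after the closing #endif lines compares geteuid() with statbuf.st_uid before the script is allowed to continue.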
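
Review bot: the hunk at @@ -1641 is the path that goes back to uid, and its result is also thrown away with (void); if setreuid((Uid_t)uid,(Uid_t)uid) fails, nothing in these lines stops execution while the effective UID is still the one set in the previous hunk. The first branch is also left as (void)seteuid((Uid_t)uid), which changes only the effective ID, so builds that take that branch do not get the all-three-IDs result the setresuid((Uid_t)uid,(Uid_t)uid,(Uid_t)uid) line spells out. Suggest checking the return value and noting in a comment which branches fully reset the IDs.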
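
The point made in the reply above (do not leave a POSIX saved ID behind), as an added example that is not code from perl.c or from the FreeBSD port: a permanent privilege drop that passes the real ID explicitly, checks every return value, and then verifies that the old effective ID cannot be restored. The function name drop_privileges is hypothetical, and the saved-ID rule it relies on is the one documented in Linux setreuid(2).

```c
#define _XOPEN_SOURCE 700
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/*
 * Added example, not from perl.c. Gives up set-id privilege for good.
 * Passing the real ID explicitly (not -1) makes the kernel overwrite the
 * saved ID too; that rule is taken from Linux setreuid(2) and is an
 * assumption for other systems. Supplementary groups are not touched.
 * Returns 0 on success, -1 if a call failed or privilege is recoverable.
 */
int drop_privileges(uid_t uid, gid_t gid)
{
    uid_t old_euid = geteuid();
    gid_t old_egid = getegid();

    /* Group first: once the effective UID is unprivileged, the group
     * change may no longer be permitted. */
    if (setregid(gid, gid) != 0)
        return -1;
    if (setreuid(uid, uid) != 0)
        return -1;

    /* A call can return 0 and still leave an ID behind, so re-read them. */
    if (getuid() != uid || geteuid() != uid ||
        getgid() != gid || getegid() != gid)
        return -1;

    /* If a saved ID survived, these would succeed: treat that as failure. */
    if (old_euid != uid && seteuid(old_euid) == 0)
        return -1;
    if (old_egid != gid && setegid(old_egid) == 0)
        return -1;
    return 0;
}

int main(void)
{
    /* Drop to the invoking user's own IDs, as a set-id program would. */
    if (drop_privileges(getuid(), getgid()) != 0) {
        fprintf(stderr, "privilege drop failed, refusing to continue\n");
        return 1;
    }
    printf("uid=%ld euid=%ld\n", (long)getuid(), (long)geteuid());
    return 0;
}
```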