*BSD News Article 88378



Path: euryale.cc.adfa.oz.au!newshost.carno.net.au!harbinger.cc.monash.edu.au!nntp.coast.net!howland.erols.net!worldnet.att.net!news.maxwell.syr.edu!EU.net!Germany.EU.net!Dortmund.Germany.EU.net!interface-business.de!usenet
From: j@ida.interface-business.de (J Wunsch)
Newsgroups: comp.unix.bsd.bsdi.misc
Subject: Re: Perl 5.003 install  - suid problems not resolved
Date: 6 Feb 1997 18:06:32 GMT
Organization: interface business GmbH, Dresden
Lines: 65
Message-ID: <5dd6j8$72n@innocence.interface-business.de>
References: <32F95B2F.7142@multimediums.com>
Reply-To: joerg_wunsch@interface-business.de (Joerg Wunsch)
NNTP-Posting-Host: ida.interface-business.de
X-Newsreader: knews 0.9.6
X-Phone: +49-351-31809-14
X-Fax: +49-351-3361187
X-PGP-Fingerprint: DC 47 E6 E4 FF A6 E9 8F  93 21 E0 7D F9 12 D6 4E
Xref: euryale.cc.adfa.oz.au comp.unix.bsd.bsdi.misc:5868

"John E. Vasileff" <vasileff@multimediums.com> wrote:

> I have been having problems installing suidperl 5.003 on my BSDI 2.1
> server.  After my first install, accepting all defaults, suid scripts
> would not execute at all - after trying to run them, I would receive
> just a prompt with no error messages.
> 
> I later searched the archives of this newsgroup for similar problems,
> and found a sample config.sh file, which is included below.  After
> installing using these defaults, I get the error message: "Can't swap
> uid and euid." whenever I try to run suid scripts.

The FreeBSD setup should work on BSD/OS, too, I tend to believe.
IIRC, the trick is to not use POSIX saved IDs.  (That's been what was
causing the security hole.)

Looking at FreeBSD's port, it seems they run plain Configure only, but
apply this patch before:

--- perl.c.orig	Tue Feb 27 13:30:44 1996
+++ perl.c	Sun Jun  2 09:22:34 1996
@@ -1606,10 +1606,10 @@
 	    (void)setegid(statbuf.st_gid);
 #else
 #ifdef HAS_SETREGID
-           (void)setregid((Gid_t)-1,statbuf.st_gid);
+           (void)setregid((Gid_t)gid,statbuf.st_gid);
 #else
 #ifdef HAS_SETRESGID
-           (void)setresgid((Gid_t)-1,statbuf.st_gid,(Gid_t)-1);
+           (void)setresgid((Gid_t)gid,statbuf.st_gid,(Gid_t)gid);
 #else
 	    setgid(statbuf.st_gid);
 #endif
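
Review bot: the setregid() and setresgid() calls on the changed lines still have their results cast to (void), and nothing in the visible lines checks that the group switch took effect, so a failed call would let execution continue with the old gids. Test the return value, or compare getegid() against statbuf.st_gid afterwards, and abort on a mismatch. The variable gid is not defined anywhere in the hunk context, so confirm it holds the invoking user's real gid at this point. The new lines are also indented with spaces where the neighbouring setegid() and setgid() lines use tabs.
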
@@ -1624,10 +1624,10 @@
 		(void)seteuid(statbuf.st_uid);	/* all that for this */
 #else
 #ifdef HAS_SETREUID
-                (void)setreuid((Uid_t)-1,statbuf.st_uid);
+                (void)setreuid((Uid_t)uid,statbuf.st_uid);
 #else
 #ifdef HAS_SETRESUID
-                (void)setresuid((Uid_t)-1,statbuf.st_uid,(Uid_t)-1);
+                (void)setresuid((Uid_t)uid,statbuf.st_uid,(Uid_t)uid);
 #else
 		setuid(statbuf.st_uid);
 #endif
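
Review bot: missing documentation on the setreuid()/setresuid() lines: replacing -1 (leave unchanged) with an explicit uid for the real and saved slots is the whole point of the change, but the only comment nearby is "all that for this" on the seteuid() branch, which explains nothing. Add a short comment saying that the real and saved ids are set explicitly on purpose, so a later cleanup does not put the -1 arguments back. The return values are discarded here as well; the same check suggested for the gid calls applies.
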
@@ -1641,10 +1641,10 @@
           (void)seteuid((Uid_t)uid);
 #else
 #ifdef HAS_SETREUID
-          (void)setreuid((Uid_t)-1,(Uid_t)uid);
+          (void)setreuid((Uid_t)uid,(Uid_t)uid);
 #else
 #ifdef HAS_SETRESUID
-          (void)setresuid((Uid_t)-1,(Uid_t)uid,(Uid_t)-1);
+          (void)setresuid((Uid_t)uid,(Uid_t)uid,(Uid_t)uid);
 #else
           setuid((Uid_t)uid);
 #endif
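
Review bot: the seteuid((Uid_t)uid) branch at the top of this hunk is left as it is, so builds that take that branch change only the effective uid, while the patched setreuid(uid,uid) and setresuid(uid,uid,uid) branches now set every id to uid. If the intent here is that the script owner's uid cannot be regained after this point, the seteuid() branch needs equivalent handling or a comment stating why it is safe as written. As in the other hunks, the results are cast to (void); verify with getuid()/geteuid() after the call and bail out if they do not both equal uid.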

-- 
J"org Wunsch					       Unix support engineer
joerg_wunsch@interface-business.de       http://www.interface-business.de/~j