SUID


2016-03-22: This site is being moved to my main site at https://kevininscoe.com/wiki as part of a consolidation to one domain.


I am assuming here that you already know what SUID does for you when set. If not, go read http://en.wikipedia.org/wiki/Setuid.

In Linux (since the beginning) SUID only works on executable programs and not shell scripts. The exception is Perl scripts.

Running Perl scripts as SUID:

When a Perl script runs setuid or setgid, taint checking is turned on. See perlsec for an explanation; it is required reading for running scripts as SUID. One thing taint mode does is complain loudly when you have not set your PATH explicitly in your script.

$ sudo chmod 4755 priv.pl
$ ./priv.pl
Insecure $ENV{PATH} while running setuid at ./priv.pl line 10.

This is the "Insecure $ENV{PATH} while running setuid" message. To get rid of it, you need to set your PATH explicitly in your script, and set it so that no directory in that path is writable by anyone other than its owner and group. The easiest way to do this is to simply clear PATH ($ENV{'PATH'}='';) and call all external commands with their full path specified. A quick example:

$ perl -Te 'system("/bin/echo", "Camels have fleas");'
Insecure $ENV{PATH} while running with -T switch at -e line 1.
$ perl -Te '$ENV{PATH}="";system("/bin/echo", "Camels have fleas");'
Camels have fleas
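
The same idea as a full script skeleton. This is an added example, not code from the original page: it clears PATH as described above, removes the other shell-related variables that perlsec says to clean up, and untaints a command-line argument before handing it to an external command. The /usr/bin/id path, the username pattern and the helper name untaint_username are assumptions made for illustration.

```perl
#!/usr/bin/perl -T
# Added example: skeleton for a script intended to run setuid under taint mode.
# Assumptions: /usr/bin/id exists, and valid usernames match the pattern below.
use strict;
use warnings;

# Clear PATH so nothing is ever found by search; every external command
# below is called by its full path, as the page recommends.
$ENV{PATH} = '';

# perlsec also recommends removing these, because they change how a shell
# behaves; taint mode reports them as insecure if they are left set.
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};

# Everything from outside the program (arguments, environment, file input)
# is tainted. The only way to untaint a value is to capture it from a
# regular expression, so the pattern must be a strict allow-list.
sub untaint_username {
    my ($raw) = @_;
    return unless defined $raw;
    # First character is a letter or underscore, so the value can never
    # start with '-' and be mistaken for an option by the called command.
    return $1 if $raw =~ /\A([a-z_][a-z0-9_-]{0,31})\z/;
    return;
}

my $user = untaint_username($ARGV[0])
    or die "usage: $0 username\n";

# List-form system() runs the program directly, without a shell, so the
# argument is passed as a single word and is never re-parsed.
system('/usr/bin/id', $user) == 0
    or die "/usr/bin/id exited with status $?\n";
```

Because -T is on the #! line, the script has to be started directly (./script.pl) or with perl -T; plain "perl script.pl" makes Perl refuse to run it.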

Kevin's Public Wiki maintained and created by Kevin P. Inscoe is licensed under a
Creative Commons Attribution 3.0 United States License.

Page last modified on September 16, 2013, at 11:10 AM EST