SUID

2016-03-22: This site is being moved to my main site at https://kevininscoe.com/wiki as part of a consolidation to one domain.


I am assuming here that you already know what SUID does for you when set. If not, go read http://en.wikipedia.org/wiki/Setuid.

In Linux (since the beginning) SUID only works on executable programs and not shell scripts. The exception is Perl scripts.

Running Perl scripts as SUID:

When a Perl script runs setuid or setgid, taint checking is turned on. See perlsec for an explanation; it is required reading for running scripts as SUID. One thing taint mode does is complain loudly when you have not set your PATH explicitly in your script.

(:code header=Output from make install lang=Bash wrap=80:)
$ sudo chmod 4755 priv.pl
$ ./priv.pl
Insecure $ENV{PATH} while running setuid at ./priv.pl line 10.
(:codeend:)

This is the "Insecure $ENV{PATH} while running setuid at ./priv.pl line 15." message. To get rid of it, set your path explicitly in your script, and set it so that no directory in that path is writable by anyone other than its owner and group. The easiest way to do this is to clear PATH ($ENV{'PATH'}='';) and call all external commands with their full path specified. A quick example:

(:code header=Output from make install lang=Perl wrap=80:)
$ perl -Te 'system("/bin/echo", "Camels have fleas");'
Insecure $ENV{PATH} while running with -T switch at -e line 1.
$ perl -Te '$ENV{PATH}="";system("/bin/echo", "Camels have fleas");'
Camels have fleas
(:codeend:)
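A fuller taint-safe skeleton that applies the advice above, as an added example that is not part of the original page: it clears PATH, deletes the other environment variables perlsec warns about, untaints one argument with a regular expression, and calls an external command by its full path. The /var/log directory, the /bin/ls location, the file-name rule and the helper untaint_name are assumptions made for illustration.

```perl
#!/usr/bin/perl -T
# Added example (not from the original page): skeleton for a script that
# may run setuid. Directory, command path and name rule are assumptions.
use strict;
use warnings;

# Taint mode distrusts the caller's environment. Clear PATH and drop the
# other variables perlsec names, since a shell started by system() or
# exec() would honour them.
$ENV{PATH} = '';
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};

# Command-line arguments are tainted. A value is untainted only by
# capturing it with a regular expression, so match a strict allow-list.
sub untaint_name {
    my ($raw) = @_;
    return unless defined $raw;
    # First character must be a word character, which rejects "." and
    # ".."; no "/" is allowed anywhere, so the name cannot leave $dir.
    return $1 if $raw =~ /\A([A-Za-z0-9_][A-Za-z0-9_.-]{0,63})\z/;
    return;
}

my $name = untaint_name($ARGV[0]);
defined $name
    or die "usage: $0 <file name without a directory part>\n";

# Hypothetical directory this script is allowed to list files in.
my $dir = '/var/log';

# List form of system(): no shell is involved, and the command is named
# by its full path because PATH is empty. "--" ends option parsing.
system('/bin/ls', '-l', '--', "$dir/$name") == 0
    or die "/bin/ls failed (wait status $?)\n";
```

Passing an argument such as `../etc/shadow` or `a;id` makes the script exit with the usage message before any external command runs.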


Kevin's Public Wiki maintained and created by Kevin P. Inscoe is licensed under a
Creative Commons Attribution 3.0 United States License.

Page last modified on September 16, 2013, at 11:10 AM EST